CVE-2023-24108

Exploit

EPSS 0.14%
Published 22.02.2023 04:15:10
Last modified 13.03.2025 20:15:14
Source cve@mitre.org
Teams watchlist Login
Open Login

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Zetacomponenets ≫ Mvctools Version2008-09-23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.349

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

Broken Link

https://github.com/zetacomponents/MvcTools/

Product

https://github.com/zetacomponents/MvcTools/issues/12

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-24108

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24108

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24108

EUVD