CVE-2023-3231

Exploit

EPSS 0.28%
Veröffentlicht 14.06.2023 06:15:09
Zuletzt bearbeitet 21.11.2024 08:16:45
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ujcms ≫ Ujcms Version <= 6.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.509

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/ujcms/ujcms/issues/6

Vendor Advisory

Exploit

https://vuldb.com/?ctiid.231502

Permissions Required

https://vuldb.com/?id.231502

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-3231

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3231

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3231

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3231