8.8
CVE-2023-4409
- EPSS 0.76%
- Veröffentlicht 18.08.2023 13:15:09
- Zuletzt bearbeitet 21.11.2024 08:35:05
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginNBS&HappySoftWeChat unrestricted upload
A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Happysoft ≫ Nbs&happysoftwechat Version1.1.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.505 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/ApricityXX/cve/blob/main/upload/upload.md
https://vuldb.com/?ctiid.237512
https://vuldb.com/?id.237512