8.8
CVE-2023-4704
- EPSS 0.08%
- Veröffentlicht 01.09.2023 10:15:08
- Zuletzt bearbeitet 21.11.2024 08:35:43
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
LoginExternal Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Instantcms ≫ Instantcms Version < 2.16.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.233 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| security@huntr.dev | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-15 External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user.
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.