CVE-2023-43382

Sažetak

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.

Reference

https://gitee.com/iteachyou/dreamer_cms/issues/I821AI
https://aecous.github.io/2023/09/17/Text/?password=Aecous
https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

26-09-2023 - 14:46

Objavljeno

25-09-2023 - 16:15