Lucene search
HistoryApr 07, 2023 - 3:15 a.m.
CVE-2023-26817
cve-2023-26817
codefever
rce
vulnerability
controllers
api
user.php
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.3%
codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php.
Affected configurations
Node
pgyercodefeverRange<2023-02-07
| CPE | Name | Operator | Version |
|---|---|---|---|
| pgyer:codefever | pgyer codefever | lt | 2023-02-07 |
References
Related
prion
prion
Remote code execution
2023-04-07 03:15:00
cvelist
cvelist
CVE-2023-26817
2023-04-07 00:00:00
nvd
nvd
CVE-2023-26817
2023-04-07 03:15:06
wallarmlab
wallarmlab
ChatGPT: Friend or Foe? | API Security Newsletter
2023-05-16 13:58:20
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.3%
Related for CVE-2023-26817