Lucene search

K
cve[email protected]CVE-2023-37692
HistoryJul 26, 2023 - 9:15 p.m.

CVE-2023-37692

2023-07-2621:15:10
CWE-79
web.nvd.nist.gov
29
arbitrary file upload
vulnerability
october cms
v3.4.4
execute arbitrary code
crafted file

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file.

Affected configurations

NVD
Node
octobercmsoctoberMatch3.4.4

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

Related for CVE-2023-37692