Lucene search

INCDCVE-2023-39377

HistorySep 27, 2023 - 3:18 p.m.

CVE-2023-39377

2023-09-2715:18:56

CWE-434

INCD

web.nvd.nist.gov

siberiancms

cve-2023-39377

cwe-434

unrestricted upload

file

dangerous type

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method

Affected configurations

Nvd

Node

siberiancmssiberiancmsRange4.0.0–4.20.44

siberiancmssiberiancmsRange5.0.0–5.0.4

VendorProductVersionCPE
siberiancmssiberiancms*cpe:2.3:a:siberiancms:siberiancms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siberiancms	siberiancms	*	cpe:2.3:a:siberiancms:siberiancms::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SiberianCMS",
    "vendor": "SiberianCMS",
    "versions": [
      {
        "lessThanOrEqual": "upgrade to version 4.20.44 or 5.0.4",
        "status": "affected",
        "version": "versions 4.*, 5.*",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for CVE-2023-39377