Vulners
Lucene search
CVE-2023-41425
ποΈΒ 07 Nov 2023Β 00:00:00Reported byΒ mitreTypeΒ 
Β cveπΒ web.nvd.nist.govπΒ 218Β Viewsπ WEB
| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
 | Exploit for Cross-site Scripting in Wondercms | 30 Nov 202418:34 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 24 Nov 202417:39 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 11 Aug 202416:43 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 1 Jul 202516:28 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 5 Nov 202315:06 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 22 Dec 202411:53 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 3 Sep 202409:59 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 2 Oct 202414:05 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 27 Aug 202416:10 | β | githubexploit |
| Exploit for Cross-site Scripting in Wondercms | 30 Oct 202415:38 | β | githubexploit |
10
| Source | Link |
|---|---|
| wondercms | www.wondercms.com/ |
| gist | www.gist.github.com/prodigiousMind/fc69a79629c4ba9ee88a7ad526043413 |
| packetstorm | www.packetstorm.news/files/id/190575/ |
| exploit-db | www.exploit-db.com/exploits/52271 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| installModule | query param | /?installModule= | Authenticated file upload vulnerability via installModule endpoint to install a malicious ZIP leading to RCE | CWE-79 |
| directoryName | query param | /?installModule= | Authenticated file upload vulnerability via installModule endpoint to install a malicious ZIP leading to RCE | CWE-79 |
| type | query param | /?installModule= | Authenticated file upload vulnerability via installModule endpoint to install a malicious ZIP leading to RCE | CWE-79 |
| token | query param | /?installModule= | Authenticated file upload vulnerability via installModule endpoint to install a malicious ZIP leading to RCE | CWE-79 |
| php_file | path | /themes/{php_file} | Access to uploaded PHP payload in the themes directory used for RCE | CWE-79 |
Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Apr 2025 19:15Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.16.1
EPSS0.91079
SSVC