CVE-2023-6907

🗓️ 18 Dec 2023 00:31:03Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 46 Views🌐 WEB

Vulnerability in codelyfe Stupid Simple CMS up to 1.2.4 - improper authenticatio

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2023-6907	12 Jan 202407:02	–	circl
CNNVD	Stupid Simple CMS Authorization Issues Vulnerability	18 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-6907 codelyfe Stupid Simple CMS Deletion Interface delete.php improper authentication	18 Dec 202300:31	–	cvelist
EUVD	EUVD-2023-59108	3 Oct 202520:07	–	euvd
NVD	CVE-2023-6907	18 Dec 202304:15	–	nvd
Prion	Authentication flaw	18 Dec 202304:15	–	prion
Positive Technologies	PT-2023-32815 · Codelyfe · Codelyfe Stupid Simple Cms	18 Dec 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-6907	23 May 202504:16	–	redhatcve

NVD

Vulners

Node

codelyfe stupid_simple_cmsRange≤1.2.4

[
  {
    "vendor": "codelyfe",
    "product": "Stupid Simple CMS",
    "versions": [
      {
        "version": "1.2.0",
        "status": "affected"
      },
      {
        "version": "1.2.1",
        "status": "affected"
      },
      {
        "version": "1.2.2",
        "status": "affected"
      },
      {
        "version": "1.2.3",
        "status": "affected"
      },
      {
        "version": "1.2.4",
        "status": "affected"
      }
    ],
    "modules": [
      "Deletion Interface"
    ]
  }
]

Source	Link
github	www.github.com/g1an123/POC/blob/main/Unauthorized%20file%20deletion.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
file	query param	file-manager/delete.php	Improper authentication via manipulation of the file argument in the deletion endpoint.	CWE-287

17 Jun 2026 06:51Current

7.5High risk

Vulners AI Score7.5

CVSS 3.15.4 - 9.1

CVSS 24.8

CVSS 35.4

EPSS0.01201

CWE-287