Lucene search

[email protected]CVE-2024-5673

HistoryJun 06, 2024 - 11:15 a.m.

CVE-2024-5673

2024-06-0611:15:49

CWE-79

[email protected]

web.nvd.nist.gov

xss

javascript

browser hijack

vulnerability

file manager

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Vulnerability in Dulldusk’s PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.

Affected configurations

Vulners

NVD

Node

dullduskphp_file_managerRange≤1.7.8

CPENameOperatorVersion
dulldusk:phpfilemanagerdulldusk phpfilemanagereq1.7.8

CPE	Name	Operator	Version
dulldusk:phpfilemanager	dulldusk phpfilemanager	eq	1.7.8

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PHP File Manager",
    "vendor": "Dulldusk",
    "versions": [
      {
        "status": "affected",
        "version": "1.7.8"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-php-file-manager-dulldusk

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2024-5673

vulnrichment1 nvd1 cvelist1