Lucene search

@huntrdevCVELIST:CVE-2023-3692

HistoryJul 16, 2023 - 12:00 a.m.

CVE-2023-3692 Unrestricted Upload of File with Dangerous Type in admidio/admidio

2023-07-1600:00:20

CWE-434

@huntrdev

www.cve.org

unrestricted upload

file type

github repository

vulnerability

admidio

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

36.8%

JSON

Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.

CNA Affected

[
  {
    "vendor": "admidio",
    "product": "admidio/admidio",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.2.10",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/admidio/admidio/commit/d66585d14b1160712a8a9bfaf9769dd3da0e9a83

huntr.dev/bounties/be6616eb-384d-40d6-b1fd-0ec9e4973f12

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

36.8%

JSON

Related for CVELIST:CVE-2023-3692