CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
79.0%
MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation.
An unauthenticated attacker who can execute the installer may execute arbitrary PHP code on the server where MATCHA SNS resides.
Update the Software
Update to the latest version according to the information provided by the developer.