NVD:CVE-2023-25402
Mar 03, 2023 - 11:15 p.m.

CVE-2023-25402

2023-03-03 23:15:12
CWE-434
web.nvd.nist.gov
cleverstupiddog, yf-exam, file upload, vulnerability, suffix, uploaded file, restriction

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 29.9%

CleverStupidDog yf-exam 1.8.0 is vulnerable to unrestricted file upload. The suffix of an uploaded file is not restricted, so any file can be uploaded.

Affected configurations

Nvd
Node: yf-exam_project yf-exam, Match 1.8.0

Vendor | Product | Version | CPE
yf-exam_project | yf-exam | 1.8.0 | cpe:2.3:a:yf-exam_project:yf-exam:1.8.0:*:*:*:*:*:*:*

