Lucene search

[email protected]NVD:CVE-2023-38941

HistoryAug 04, 2023 - 12:15 a.m.

CVE-2023-38941

2023-08-0400:15:13

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-38941

django-sspanel

remote command execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.6%

JSON

django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.

Affected configurations

Nvd

Node

ehco1996django-sspanelMatch2022.2.2

VendorProductVersionCPE
ehco1996django-sspanel2022.2.2cpe:2.3:a:ehco1996:django-sspanel:2022.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ehco1996	django-sspanel	2022.2.2	cpe:2.3:a:ehco1996:django-sspanel:2022.2.2:::::::*

References

github.com/Ehco1996/django-sspanel

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.6%

JSON

Related for NVD:CVE-2023-38941

osv1 cvelist1 prion1 cve1