Lucene search

[email protected]NVD:CVE-2023-39377

HistorySep 27, 2023 - 3:18 p.m.

CVE-2023-39377

2023-09-2715:18:56

CWE-434

[email protected]

web.nvd.nist.gov

siberiancms

unrestricted upload

dangerous file type

cve-2023-39377

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

JSON

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method

Affected configurations

Nvd

Node

siberiancmssiberiancmsRange4.0.0–4.20.44

siberiancmssiberiancmsRange5.0.0–5.0.4

VendorProductVersionCPE
siberiancmssiberiancms*cpe:2.3:a:siberiancms:siberiancms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siberiancms	siberiancms	*	cpe:2.3:a:siberiancms:siberiancms::::::::

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

JSON

Related for NVD:CVE-2023-39377

vulnrichment1 prion1 cvelist1 osv1 cve1