Lucene search

[email protected]NVD:CVE-2023-42321

HistorySep 20, 2023 - 9:15 p.m.

CVE-2023-42321

2023-09-2021:15:11

CWE-352

[email protected]

web.nvd.nist.gov

cross site request forgery

csrf

icmsv 7.0.16

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.9%

JSON

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

Affected configurations

Nvd

Node

icmsdevicmsMatch7.0.16

VendorProductVersionCPE
icmsdevicms7.0.16cpe:2.3:a:icmsdev:icms:7.0.16:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icmsdev	icms	7.0.16	cpe:2.3:a:icmsdev:icms:7.0.16:::::::*

References

gist.github.com/ChubbyZ/cb4b8fd818846dec3e9d70863e7955bc

www.icmsdev.com/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.9%

JSON

Related for NVD:CVE-2023-42321

cve1 prion1 cvelist1