Lucene search
GoogleOSV:CVE-2023-37602HistoryJul 20, 2023 - 7:15 p.m.
CVE-2023-37602
2023-07-2019:15:10
Google
osv.dev
6
arbitrary file upload
alkacon opencms v15.0
workplace explorer
crafted png file
executable code
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
8
Confidence
High
EPSS
0.002
Percentile
55.5%
An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
References
Related
nvd
nvd
CVE-2023-37602
2023-07-20 19:15:10
cve
cve
CVE-2023-37602
2023-07-20 19:15:10
osv
osv
Alkacon OpenCMS arbitrary file upload vulnerability
2023-07-20 21:30:58
veracode
veracode
Cross Site Scripting (XSS)
2023-07-25 05:21:39
prion
prion
Privilege escalation
2023-07-20 19:15:00
cvelist
cvelist
CVE-2023-37602
2023-07-20 00:00:00
github
github
Alkacon OpenCMS arbitrary file upload vulnerability
2023-07-20 21:30:58
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
8
Confidence
High
EPSS
0.002
Percentile
55.5%
Related for OSV:CVE-2023-37602