Lucene search

GoogleOSV:CVE-2023-46157

HistoryDec 08, 2023 - 1:15 p.m.

CVE-2023-46157

2023-12-0813:15:07

Google

osv.dev

file-manager

mgt cloudpanel

os command injection

file ownership

file permissions

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.

CPENameOperatorVersion
cloudpanel-ceeq2.0.1
cloudpanel-ceeq2.3.0
cloudpanel-ceeq2.0.0
cloudpanel-ceeq2.3.1
cloudpanel-ceeq2.1.0
cloudpanel-ceeq2.4.0
cloudpanel-ceeq2.3.2
cloudpanel-ceeq2.2.0
cloudpanel-ceeq2.2.2
cloudpanel-ceeq2.0.4

Name	Operator	Version
cloudpanel-ce	eq	2.0.1
cloudpanel-ce	eq	2.3.0
cloudpanel-ce	eq	2.0.0
cloudpanel-ce	eq	2.3.1
cloudpanel-ce	eq	2.1.0
cloudpanel-ce	eq	2.4.0
cloudpanel-ce	eq	2.3.2
cloudpanel-ce	eq	2.2.0
cloudpanel-ce	eq	2.2.2
cloudpanel-ce	eq	2.0.4

Rows per page:

1-10 of 141

References

www.cloudpanel.io/docs/v2/changelog/

www.mgt-commerce.com/docs/mgt-cloudpanel/dashboard

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for OSV:CVE-2023-46157