PT-2023-26906 · Unknown · Siberiancms

🗓️ 26 Sep 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 2 Views

Malicious users may upload dangerous filetypes in SiberianCMS with administrative privileges issue exists

Reporter	Title	Published	Views	Family All 7
CNNVD	SiberianCMS Code Issues Vulnerabilities	27 Sep 202300:00	–	cnnvd
CVE	CVE-2023-39377	26 Sep 202309:22	–	cve
Cvelist	CVE-2023-39377 SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method	26 Sep 202309:22	–	cvelist
EUVD	EUVD-2023-43102	3 Oct 202520:07	–	euvd
NVD	CVE-2023-39377	27 Sep 202315:18	–	nvd
Prion	Design/Logic Flaw	27 Sep 202315:18	–	prion
Vulnrichment	CVE-2023-39377 SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method	26 Sep 202309:22	–	vulnrichment

Source	Link
osv	www.osv.dev/vulnerability/CVE-2023-39377
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-39377
gov	www.gov.il/en/Departments/faq/cve_advisories
twitter	www.twitter.com/CVEnew/status/1706601413537910996
twitter	www.twitter.com/cracbot/status/1707274000806932837

27 Sep 2023 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.17.2

EPSS0.00347

SSVC

siberiancms vulnerability file upload risk administrative privileges unrestricted file types