CVE-2023-0647

Опубликовано: 02 фев. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 7.5

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0kickPlayer%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/Dst-admin%201.5.0%20background%20kickPlayer%20interface%20remote%20command%20execution.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.220034
Third Party Advisory
https://vuldb.com/?id.220034
Third Party Advisory
https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0kickPlayer%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/Dst-admin%201.5.0%20background%20kickPlayer%20interface%20remote%20command%20execution.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.220034
Third Party Advisory
https://vuldb.com/?id.220034
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dst-admin_project:dst-admin:1.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02694

Низкий

6.3 Medium

CVSS3

7.5 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-8jw8-jr2v-gq8f

CVSS3: 7.5

github

около 3 лет назад

EPSS

Процентиль: 86%

0.02694

Низкий

6.3 Medium

CVSS3

7.5 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77