exploitDog

CVE-2023-24108

Опубликовано: 22 фев. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

Ссылки

https://github.com/zetacomponents/MvcTools/
Product
https://github.com/zetacomponents/MvcTools/issues/12
Exploit
https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
Broken Link
https://github.com/zetacomponents/MvcTools/
Product
https://github.com/zetacomponents/MvcTools/issues/12
Exploit
https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zetacomponents:mvctools:2008-09-23:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00196

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-912

Связанные уязвимости

GHSA-jmvj-m3cp-jpmf

CVSS3: 9.8

github

почти 3 года назад

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

EPSS

Процентиль: 41%

0.00196

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-912