exploitDog

CVE-2023-24686

Опубликовано: 09 фев. 2023

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file.

Ссылки

http://churchcrm.io/
Product
https://github.com/ChurchCRM/CRM
Product
https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
Exploit
Third Party Advisory
http://churchcrm.io/
Product
https://github.com/ChurchCRM/CRM
Product
https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*

Версия до 4.5.3 (включая)

EPSS

Процентиль: 34%

0.00139

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-32cm-387p-hxf5

CVSS3: 4.8

github

почти 3 года назад

An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file.

EPSS

Процентиль: 34%

0.00139

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79