exploitDog

CVE-2023-24689

Опубликовано: 09 фев. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx

Ссылки

https://github.com/blakduk/Advisories/blob/main/Mojoportal/README.md
Exploit
Third Party Advisory
https://www.mojoportal.com/
Product
https://github.com/blakduk/Advisories/blob/main/Mojoportal/README.md
Exploit
Third Party Advisory
https://www.mojoportal.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mojoportal:mojoportal:2.7.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00382

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-c3qc-xqj2-mqfj

CVSS3: 4.3

github

почти 3 года назад

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx

EPSS

Процентиль: 59%

0.00382

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-22

CWE-22