exploitDog

CVE-2023-26968

Опубликовано: 29 мар. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload.

Ссылки

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/atrocore/atrocore-1.5.25
Exploit
Third Party Advisory
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/atrocore/atrocore-1.5.25
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atrocore:atrocore:1.5.25:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00232

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-9g5p-c7vc-45f7

CVSS3: 9.8

github

почти 3 года назад

In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload.

EPSS

Процентиль: 46%

0.00232

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434