exploitDog

CVE-2023-28413

Опубликовано: 23 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.

Ссылки

https://jvn.jp/en/jp/JVN01093915/
Third Party Advisory
https://snow-monkey.2inc.org/2023/04/28/snow-monkey-forms-v5-0-7/
Release Notes
https://jvn.jp/en/jp/JVN01093915/
Third Party Advisory
https://snow-monkey.2inc.org/2023/04/28/snow-monkey-forms-v5-0-7/
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:snow_monkey_forms_project:snow_monkey_forms:*:*:*:*:*:wordpress:*:*

Версия до 5.0.6 (включая)

EPSS

Процентиль: 90%

0.05972

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-h2cx-cfgv-2g8f

CVSS3: 9.8

github

больше 2 лет назад

Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.

EPSS

Процентиль: 90%

0.05972

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22