exploitDog

CVE-2023-28614

Опубликовано: 15 сент. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.

Ссылки

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0012.md
Third Party Advisory
https://www.freewillsolutions.com/smart-trade-ifis
Product
https://www.kb.cert.org/vuls/id/947701
Third Party Advisory
US Government Resource
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0012.md
Third Party Advisory
https://www.freewillsolutions.com/smart-trade-ifis
Product
https://www.kb.cert.org/vuls/id/947701
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freewillsolutions:smart_trade:20.01.01.04:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03157

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-fj5h-q7c9-6wrx

CVSS3: 9.8

github

больше 2 лет назад

Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.

EPSS

Процентиль: 87%

0.03157

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78