exploitDog

CVE-2023-4491

Опубликовано: 04 окт. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-119

CWE-119

Связанные уязвимости

GHSA-5wvp-xjf2-pj96

CVSS3: 9.8

github

больше 2 лет назад

Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine.

EPSS

Процентиль: 33%

0.00129

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-119

CWE-119