exploitDog

CVE-2023-4591

Опубликовано: 03 нояб. 2023

Источник: nvd

CVSS3: 7.5

CVSS3: 9.8

EPSS Низкий

Описание

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wpn-xm-serverstack
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wpn-xm-serverstack
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpn-xm:wpn-xm:0.8.6:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00088

Низкий

7.5 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-829

Связанные уязвимости

GHSA-6ff5-r6p2-hm4h

CVSS3: 7.5

github

больше 2 лет назад

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.

EPSS

Процентиль: 25%

0.00088

Низкий

7.5 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-829