exploitDog

CVE-2023-49052

Опубликовано: 30 нояб. 2023

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.

Ссылки

https://github.com/Cyber-Wo0dy/CVE-2023-49052
Exploit
Patch
Third Party Advisory
https://github.com/Cyber-Wo0dy/report/blob/main/microweber/v2.0.4/microweber_unrestricted_upload
Exploit
Third Party Advisory
https://github.com/Cyber-Wo0dy/CVE-2023-49052
Exploit
Patch
Third Party Advisory
https://github.com/Cyber-Wo0dy/report/blob/main/microweber/v2.0.4/microweber_unrestricted_upload
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microweber:microweber:2.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.26275

Средний

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-2c7x-w3mx-h7p6

CVSS3: 8.8

github

около 2 лет назад

Microweber file upload vulnerability

EPSS

Процентиль: 96%

0.26275

Средний

8.8 High

CVSS3

Дефекты

CWE-434