CVE-2023-7150

Опубликовано: 29 дек. 2023

Источник: nvd

CVSS3: 4.7

CVSS3: 8.8

CVSS2: 5.8

EPSS Низкий

Описание

A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability.

Ссылки

https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability-
Third Party Advisory
https://github.com/laoquanshi/Chic-Vulnerability-
Product
https://vuldb.com/?ctiid.249157
Permissions Required
VDB Entry
https://vuldb.com/?id.249157
Permissions Required
Third Party Advisory
VDB Entry
https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability-
Third Party Advisory
https://github.com/laoquanshi/Chic-Vulnerability-
Product
https://vuldb.com/?ctiid.249157
Permissions Required
VDB Entry
https://vuldb.com/?id.249157
Permissions Required
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:campcodes:chic_beauty_salon:20230703:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.0013

Низкий

4.7 Medium

CVSS3

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-25hx-r8gp-cvx8

CVSS3: 4.7

github

больше 1 года назад

A vulnerability classified as critical was found in Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability.

EPSS

Процентиль: 33%

0.0013

Низкий

4.7 Medium

CVSS3

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-434