CVE-2025-2639

Опубликовано: 23 мар. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 5.3

CVSS2: 4

EPSS Низкий

Описание

A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control3.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.300640
Permissions Required
VDB Entry
https://vuldb.com/?id.300640
Permissions Required
VDB Entry
https://vuldb.com/?submit.519634
Third Party Advisory
VDB Entry
https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control3.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jizhicms:jizhicms:*:*:*:*:*:*:*:*

Версия до 1.7 (включая)

EPSS

Процентиль: 23%

0.00073

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-266

NVD-CWE-noinfo

Связанные уязвимости

GHSA-847c-3v8q-4f53

CVSS3: 4.3

github

11 месяцев назад

EPSS

Процентиль: 23%

0.00073

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-266

NVD-CWE-noinfo