Vulnerability Details : CVE-2023-3231
A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability.
Vulnerability category: Information leak
Products affected by CVE-2023-3231
- cpe:2.3:a:ujcms:ujcms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3231
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3231
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:N/AC:H/Au:S/C:P/I:N/A:N |
3.9
|
2.9
|
VulDB | |
3.1
|
LOW | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
1.6
|
1.4
|
VulDB | |
3.1
|
LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
1.6
|
1.4
|
VulDB | 2024-02-29 |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2023-3231
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: cna@vuldb.com (Secondary)
References for CVE-2023-3231
-
https://vuldb.com/?id.231502
CVE-2023-3231: UJCMS ZIP Package information disclosurePermissions Required
-
https://vuldb.com/?ctiid.231502
Permissions Required
-
https://github.com/ujcms/ujcms/issues/6
Ujcms v6.0.2 has a sensitive file reading problem · Issue #6 · ujcms/ujcms · GitHubExploit;Vendor Advisory
Jump to