CVE-2023-42331 : A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execut

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.

Published 2023-09-20 20:15:12

Updated 2023-10-13 01:19:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-42331

Elitecms » Elite Cms » Version: 1.01
cpe:2.3:a:elitecms:elite_cms:1.01:*:*:*:-:*:*:*
Matching versions

EPSS FAQ

0.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: nvd@nist.gov (Primary)

https://github.com/Num-Nine/CVE/issues/2

Any file is uploaded to eliteCMS · Issue #2 · Num-Nine/CVE · GitHub
Exploit;Issue Tracking;Third Party Advisory
https://github.com/Num-Nine/CVE/issues/4

Any file is uploaded to eliteCMS1.01 · Issue #4 · Num-Nine/CVE · GitHub
Exploit;Issue Tracking;Third Party Advisory
https://github.com/Num-Nine/CVE/wiki/Any-file-is-uploaded-to-eliteCMS1.01

Any file is uploaded to eliteCMS1.01 · Num-Nine/CVE Wiki · GitHub
Exploit

Jump to