CVE-2023-1484

A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.
References
Link Resource
https://gitee.com/xzjie/cms/issues/I6INIT Exploit Issue Tracking Vendor Advisory
https://vuldb.com/?ctiid.223367 Permissions Required Third Party Advisory
https://vuldb.com/?id.223367 Permissions Required Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:xzjie_cms_project:xzjie_cms:*:*:*:*:*:*:*:*

History

24 Mar 2023, 18:30

Type Values Removed Values Added
First Time Xzjie Cms Project
Xzjie Cms Project xzjie Cms
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:xzjie_cms_project:xzjie_cms:*:*:*:*:*:*:*:*
References (MISC) https://vuldb.com/?ctiid.223367 - (MISC) https://vuldb.com/?ctiid.223367 - Permissions Required, Third Party Advisory
References (MISC) https://gitee.com/xzjie/cms/issues/I6INIT - (MISC) https://gitee.com/xzjie/cms/issues/I6INIT - Exploit, Issue Tracking, Vendor Advisory
References (MISC) https://vuldb.com/?id.223367 - (MISC) https://vuldb.com/?id.223367 - Permissions Required, Third Party Advisory

18 Mar 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-18 10:15

Updated : 2024-03-21 02:45


NVD link : CVE-2023-1484

Mitre link : CVE-2023-1484

CVE.ORG link : CVE-2023-1484


JSON object : View

Products Affected

xzjie_cms_project

  • xzjie_cms
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type