CVE-2023-30090

Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:sem-cms:semcms:4.2:*:*:*:*:*:*:*

History

11 May 2023, 14:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://github.com/xlccccc/vuln/tree/master/Semcms - (MISC) https://github.com/xlccccc/vuln/tree/master/Semcms - Product
CWE CWE-434
CPE cpe:2.3:a:sem-cms:semcms:4.2:*:*:*:*:*:*:*
First Time Sem-cms
Sem-cms semcms

05 May 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-05 03:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-30090

Mitre link : CVE-2023-30090

CVE.ORG link : CVE-2023-30090


JSON object : View

Products Affected

sem-cms

  • semcms
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type