VDB-223367 · CVE-2023-1484 · I6INIT

xzjie cms up to 1.0.3 /api/upload uploadFile unrestricted upload

A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The CWE definition for the vulnerability is CWE-434. The weakness was disclosed 03/18/2023 as I6INIT. It is possible to read the advisory at gitee.com. The identification of this vulnerability is CVE-2023-1484. The attack may be initiated remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1608.002 according to MITRE ATT&CK. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

1	44

Field

vulnerability_cvss3_meta_tempscore	2
vulnerability_cvss3_meta_basescore	2
vulnerability_cvss3_cna_basescore	1
vulnerability_cvss3_nvd_basescore	1
vulnerability_cvss2_nvd_basescore	1

Commit Conf

90%	33
70%	25
50%	12

Approve Conf

90%	33
70%	25
80%	12

ID	Commited	User	Field	Change	Remarks	Accepted	Status	C
13941991	04/11/2023	VulD...	cvss3_cna_basescore	6.3	see CVSS documentation	04/11/2023	accepted	90
13941990	04/11/2023	VulD...	cvss3_nvd_basescore	9.8	nist.gov	04/11/2023	accepted	90
13941989	04/11/2023	VulD...	cvss2_nvd_basescore	6.5	nist.gov	04/11/2023	accepted	90
13941988	04/11/2023	VulD...	cvss3_meta_tempscore	7.4	see CVSS documentation	04/11/2023	accepted	90
13941987	04/11/2023	VulD...	cvss3_meta_basescore	7.5	see CVSS documentation	04/11/2023	accepted	90
13941986	04/11/2023	VulD...	cve_cna	VulDB	nvd.nist.gov	04/11/2023	accepted	70
13941985	04/11/2023	VulD...	cvss3_cna_a	L	nvd.nist.gov	04/11/2023	accepted	70
13941984	04/11/2023	VulD...	cvss3_cna_i	L	nvd.nist.gov	04/11/2023	accepted	70
13941983	04/11/2023	VulD...	cvss3_cna_c	L	nvd.nist.gov	04/11/2023	accepted	70
13941982	04/11/2023	VulD...	cvss3_cna_s	U	nvd.nist.gov	04/11/2023	accepted	70
13941981	04/11/2023	VulD...	cvss3_cna_ui	N	nvd.nist.gov	04/11/2023	accepted	70
13941980	04/11/2023	VulD...	cvss3_cna_pr	L	nvd.nist.gov	04/11/2023	accepted	70
13941979	04/11/2023	VulD...	cvss3_cna_ac	L	nvd.nist.gov	04/11/2023	accepted	70
13941978	04/11/2023	VulD...	cvss3_cna_av	N	nvd.nist.gov	04/11/2023	accepted	70
13941977	04/11/2023	VulD...	cvss2_nvd_ai	P	nvd.nist.gov	04/11/2023	accepted	70
13941976	04/11/2023	VulD...	cvss2_nvd_ii	P	nvd.nist.gov	04/11/2023	accepted	70
13941975	04/11/2023	VulD...	cvss2_nvd_ci	P	nvd.nist.gov	04/11/2023	accepted	70
13941974	04/11/2023	VulD...	cvss2_nvd_au	S	nvd.nist.gov	04/11/2023	accepted	70
13941973	04/11/2023	VulD...	cvss2_nvd_ac	L	nvd.nist.gov	04/11/2023	accepted	70
13941972	04/11/2023	VulD...	cvss2_nvd_av	N	nvd.nist.gov	04/11/2023	accepted	70

50 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 50 results.

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!