cvelist/2023/0xxx/CVE-2023-0651.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-0651",
        "ASSIGNER": "cna@vuldb.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability."
            },
            {
                "lang": "deu",
                "value": "Es wurde eine kritische Schwachstelle in FastCMS 0.1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Komponente Template Management. Mittels dem Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-434 Unrestricted Upload",
                        "cweId": "CWE-434"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "n/a",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "FastCMS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "0.1.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://vuldb.com/?id.220038",
                "refsource": "MISC",
                "name": "https://vuldb.com/?id.220038"
            },
            {
                "url": "https://vuldb.com/?ctiid.220038",
                "refsource": "MISC",
                "name": "https://vuldb.com/?ctiid.220038"
            },
            {
                "url": "https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md",
                "refsource": "MISC",
                "name": "https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md"
            },
            {
                "url": "https://github.com/linmoren/fastcms_bug/blob/main/password.zip",
                "refsource": "MISC",
                "name": "https://github.com/linmoren/fastcms_bug/blob/main/password.zip"
            }
        ]
    },
    "credits": [
        {
            "lang": "en",
            "value": "yanfei.chen (VulDB User)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "baseScore": 6.3,
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "3.0",
                "baseScore": 6.3,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "2.0",
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }
}
"-Synchronized-Data." 2023-02-02 14:00:35 +00:00			`{`
"-Synchronized-Data." 2023-02-02 16:00:36 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-02-02 14:00:35 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-0651",`
"-Synchronized-Data." 2023-02-02 16:00:36 +00:00			`"ASSIGNER": "cna@vuldb.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-02-02 14:00:35 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-02-02 16:00:36 +00:00			`"value": "A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability."`
			`},`
			`{`
			`"lang": "deu",`
			`"value": "Es wurde eine kritische Schwachstelle in FastCMS 0.1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Komponente Template Management. Mittels dem Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-434 Unrestricted Upload",`
			`"cweId": "CWE-434"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "n/a",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "FastCMS",`
			`"version": {`
			`"version_data": [`
			`{`
"-Synchronized-Data." 2023-10-20 21:00:41 +00:00			`"version_affected": "=",`
			`"version_value": "0.1.0"`
"-Synchronized-Data." 2023-02-02 16:00:36 +00:00			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://vuldb.com/?id.220038",`
			`"refsource": "MISC",`
			`"name": "https://vuldb.com/?id.220038"`
			`},`
			`{`
			`"url": "https://vuldb.com/?ctiid.220038",`
			`"refsource": "MISC",`
			`"name": "https://vuldb.com/?ctiid.220038"`
			`},`
			`{`
			`"url": "https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md",`
			`"refsource": "MISC",`
			`"name": "https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md"`
			`},`
			`{`
			`"url": "https://github.com/linmoren/fastcms_bug/blob/main/password.zip",`
			`"refsource": "MISC",`
			`"name": "https://github.com/linmoren/fastcms_bug/blob/main/password.zip"`
			`}`
			`]`
			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "yanfei.chen (VulDB User)"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"version": "3.1",`
			`"baseScore": 6.3,`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",`
			`"baseSeverity": "MEDIUM"`
			`},`
			`{`
			`"version": "3.0",`
			`"baseScore": 6.3,`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",`
			`"baseSeverity": "MEDIUM"`
			`},`
			`{`
			`"version": "2.0",`
			`"baseScore": 6.5,`
"-Synchronized-Data." 2023-10-20 21:00:41 +00:00			`"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"`
"-Synchronized-Data." 2023-02-02 14:00:35 +00:00			`}`
			`]`
			`}`
			`}`