admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-463xx/CVE-2023-46304.json
cad-safe-bot 44c903429f Auto-Update: 2024-07-03T02:00:33.205262+00:00
2024-07-03 02:03:28 +00:00

72 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-46304",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-30T13:15:46.763",
"lastModified": "2024-07-03T01:42:01.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load)."
},
{
"lang": "es",
"value": "module/Users/models/Module.php en Vtiger CRM 7.5.0 permite que un atacante remoto autenticado ejecute c\u00f3digo PHP arbitrario porque un endpoint desprotegido le permite escribir este c\u00f3digo en el archivo config.inc.php (ejecutado en cada carga de p\u00e1gina) ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Users/models/Module.php",
"source": "cve@mitre.org"
},
{
"url": "https://code.vtiger.com/vtiger/vtigercrm/-/commit/317f9ca88b6bbded11058f20a1d232717c360d43",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/jselliott/CVE-2023-46304",
"source": "cve@mitre.org"
},
{
"url": "https://www.vtiger.com/",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink