ZZZCMS 2.1.7 Database Backup File /admin/save.php restore privilege escalation
A vulnerability classified as critical has been found in ZZZCMS 2.1.7. Affected is the function restore of the file /admin/save.php in the component Database Backup File Handler. The manipulation leads to privilege escalation. Using CWE to describe the problem leads to CWE-275. This information was published on 09/29/2023. The advisory is available for download at github.com.
This vulnerability is known as CVE-2023-5263. The attack can be launched remotely. Technical details are available. In addition, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k.
It is declared as proof-of-concept. The exploit can be downloaded from github.com. As a 0-day, its price on the underground market was estimated at $0-$5k.
2 adaptations · 72 points
| Field | Created 09/29/2023 07:30 AM | Update 1/1 10/22/2023 08:50 AM |
|---|---|---|
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rc | R | R |
| advisory_url | https://github.com/yhy217/zzzcms-vul/issues/1 | https://github.com/yhy217/zzzcms-vul/issues/1 |
| exploit_availability | 1 | 1 |
| exploit_publicity | 1 | 1 |
| exploit_url | https://github.com/yhy217/zzzcms-vul/issues/1 | https://github.com/yhy217/zzzcms-vul/issues/1 |
| source_cve | CVE-2023-5263 | CVE-2023-5263 |
| cna_responsible | VulDB | VulDB |
| software_name | ZZZCMS | ZZZCMS |
| software_version | 2.1.7 | 2.1.7 |
| software_component | Database Backup File Handler | Database Backup File Handler |
| software_file | /admin/save.php | /admin/save.php |
| software_function | restore | restore |
| vulnerability_cwe | CWE-275 (privilege escalation) | CWE-275 (privilege escalation) |
| vulnerability_risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| advisory_date | 1695938400 (09/29/2023) | 1695938400 (09/29/2023) |
| software_type | Content Management System | Content Management System |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rc | UR | UR |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 7.1 |
| cvss3_meta_tempscore | 5.7 | 6.9 |
| price_0day | $0-$5k | $0-$5k |
| cve_assigned | 1695938400 (09/29/2023) | |
| cve_nvd_summary | A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872. | |
| cvss3_nvd_av | N | |
| cvss3_nvd_ac | L | |
| cvss3_nvd_pr | L | |
| cvss3_nvd_ui | N | |
| cvss3_nvd_s | U | |
| cvss3_nvd_c | H | |
| cvss3_nvd_i | H | |
| cvss3_nvd_a | H | |
| cvss2_nvd_av | N | |
| cvss2_nvd_ac | L | |
| cvss2_nvd_au | S | |
| cvss2_nvd_ci | P | |
| cvss2_nvd_ii | P | |
| cvss2_nvd_ai | P | |
| cvss3_cna_av | N | |
| cvss3_cna_ac | L | |
| cvss3_cna_pr | L | |
| cvss3_cna_ui | N | |
| cvss3_cna_s | U | |
| cvss3_cna_c | L | |
| cvss3_cna_i | L | |
| cvss3_cna_a | L | |
| cve_cna | VulDB | |
| cvss2_nvd_basescore | 6.5 | |
| cvss3_nvd_basescore | 8.8 | |
| cvss3_cna_basescore | 6.3 | |