CVE-2023-31689

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-31689
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31689.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-31689
Published
2023-05-22T20:15:10Z
Modified
2025-01-28T17:50:07.448352Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In Wcms 0.3.2, an attacker can send a crafted request to the vulnerable web application's backend script /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. The request can write arbitrary strings into files with custom names, upload arbitrary files, and write malicious code that runs as a script, triggering command execution.

References

Affected packages

Git / github.com/vedees/wcms

Affected ranges

Type
GIT
Repo
https://github.com/vedees/wcms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.6.1
0.0.7
0.0.8
0.0.9
0.1.0
0.1.1
0.1.2
0.1.2.1
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.2
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.3.0
0.3.1
0.3.2

1.*

1.1.3