CVE-2023-46157

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-46157

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46157.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46157

Published

2023-12-08T13:15:07.193Z

Modified

2026-03-14T12:21:26.670849Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.

References

Affected packages

Git / github.com/cloudpanel-io/cloudpanel-ce

Affected ranges

Type

GIT

Repo

https://github.com/cloudpanel-io/cloudpanel-ce

Events

Introduced

3af11e531206d2c05a206c34c039547ccdd3d1d7

Last affected

dc1c54dad7feff85f6f3608ee3965f455f067db2

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.3.2"
        }
    ]
}

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.1.0

v2.2.0

v2.2.1

v2.2.2

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.4.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46157.json"