Lucene search
MitreCVE-2023-26546HistoryMay 02, 2023 - 8:15 p.m.
CVE-2023-26546
2023-05-0220:15:10
mitre
web.nvd.nist.gov
21
european chemicals agency
iuclid
cve-2023-26546
remote code execution
ssti
security vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.009
Percentile
83.3%
European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.
Affected configurations
Node
echa.europaiuclidRange5.15.0–6.27.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| echa.europa | iuclid | * | cpe:2.3:a:echa.europa:iuclid:*:*:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2023-05-02 20:15:00
cvelist
cvelist
CVE-2023-26546
2023-05-02 00:00:00
nvd
nvd
CVE-2023-26546
2023-05-02 20:15:10
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.009
Percentile
83.3%
Related for CVE-2023-26546