Lucene search

MitreCVE-2023-44973

HistoryOct 03, 2023 - 9:15 p.m.

CVE-2023-44973

2023-10-0321:15:10

CWE-434

mitre

web.nvd.nist.gov

cve-2023-44973

arbitrary file upload

emlog pro

security vulnerability

content templates

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

53.3%

JSON

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

Affected configurations

Nvd

Node

emlogemlogMatch2.2.0pro

VendorProductVersionCPE
emlogemlog2.2.0cpe:2.3:a:emlog:emlog:2.2.0:*:*:*:pro:*:*:*

Vendor	Product	Version	CPE
emlog	emlog	2.2.0	cpe:2.3:a:emlog:emlog:2.2.0::::pro:::

References

github.com/yangliukk/emlog/blob/main/Template-getshell.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

53.3%

JSON

Related for CVE-2023-44973