Lucene search

[email protected]NVD:CVE-2023-26857

HistoryApr 05, 2023 - 2:15 p.m.

CVE-2023-26857

2023-04-0514:15:07

CWE-434

[email protected]

web.nvd.nist.gov

arbitrary file upload

dynamic transaction queuing system

php file

code execution

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.1%

JSON

An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Affected configurations

Nvd

Node

dynamic_transaction_queuing_system_projectdynamic_transaction_queuing_systemMatch1.0

VendorProductVersionCPE
dynamic_transaction_queuing_system_projectdynamic_transaction_queuing_system1.0cpe:2.3:a:dynamic_transaction_queuing_system_project:dynamic_transaction_queuing_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dynamic_transaction_queuing_system_project	dynamic_transaction_queuing_system	1.0	cpe:2.3:a:dynamic_transaction_queuing_system_project:dynamic_transaction_queuing_system:1.0:::::::*

References

github.com/ctg503/bug_report/blob/main/vendors/oretnom23/dynamic-transaction-queuing-system/RCE-1.md

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.1%

JSON

Related for NVD:CVE-2023-26857

prion1 cvelist1 cve1