Lucene search

[email protected]NVD:CVE-2023-38330

HistoryAug 02, 2023 - 3:15 p.m.

CVE-2023-38330

2023-08-0215:15:10

CWE-434

[email protected]

web.nvd.nist.gov

cve-2023-38330

oxid eshop

file upload

http response splitting

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.

Affected configurations

Nvd

Node

oxid-esaleseshopRange6.5.0–6.5.3enterprise

VendorProductVersionCPE
oxid-esaleseshop*cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
oxid-esales	eshop	*	cpe:2.3:a:oxid-esales:eshop:::::enterprise:::*

References

bugs.oxid-esales.com/view.php?id=7479

docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-002

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Related for NVD:CVE-2023-38330

prion1 cve1 cvelist1