Lucene search

[email protected]NVD:CVE-2023-49006

HistoryDec 19, 2023 - 10:15 a.m.

CVE-2023-49006

2023-12-1910:15:07

CWE-352

[email protected]

web.nvd.nist.gov

cross site request forgery

phpsysinfo

xml.php

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.0%

JSON

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.

Affected configurations

NVD

Node

phpsysinfophpsysinfoMatch3.4.3

References

github.com/Hebing123/cve/issues/5

github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45

huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for NVD:CVE-2023-49006

debiancve1 github1 osv2 prion1 cvelist1 veracode1 ubuntucve1 cve1