CVE-2023-1482

Published: Mar 18, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability.

Affected (1)

Products: Hkcms Project: Hkcms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hkcms Project Hkcms	Version 2.2.4.230206

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://gitee.com/Hk_Cms/HkCms/issues/I6J7ZD

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.223365

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.223365

Source: cna@vuldb.com

Third Party Advisory

https://gitee.com/Hk_Cms/HkCms/issues/I6J7ZD

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.223365

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?id.223365

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.