CVE-2023-24108

Published: Feb 22, 2023Modified: Dec 5, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

Affected (1)

Products: Zetacomponents: Mvctools

Zetacomponents

1 product

Mvctools

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zetacomponents Mvctools	Version 2008-09-23

Related CWEs

CWE-912

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (6)

https://github.com/zetacomponents/MvcTools/

Source: cve@mitre.org

Product

https://github.com/zetacomponents/MvcTools/issues/12

Source: cve@mitre.org

Exploit

https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

Source: cve@mitre.org

Broken Link

https://github.com/zetacomponents/MvcTools/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/zetacomponents/MvcTools/issues/12

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.