CVE-2023-2551

Published: May 5, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.

Affected (1)

Products: Bumsys Project: Bumsys

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bumsys Project Bumsys	Before 2.1.1

Related CWEs

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References (4)

https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a

Source: security@huntr.dev

Patch

https://huntr.dev/bounties/5723613c-55c6-4f18-9ed3-61ad44f5de9c

Source: security@huntr.dev

ExploitThird Party Advisory

https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://huntr.dev/bounties/5723613c-55c6-4f18-9ed3-61ad44f5de9c

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.