CVE-2023-26323

Published: Aug 28, 2024Modified: Mar 27, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.

Affected (1)

Products: Mi: App Market

1 product

App Market

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mi App Market	From 4.57.4 to 4.58.2

Related CWEs

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

References (1)

https://trust.mi.com/misrc/bulletins/advisory?cveId=543

Source: security@xiaomi.com

Vendor Advisory

Timeline

No history available yet.