CVE-2023-3231

Published: Jun 14, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability.

Affected (1)

Products: Ujcms: Ujcms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ujcms Ujcms	Up to 6.0.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://github.com/ujcms/ujcms/issues/6

Source: cna@vuldb.com

ExploitVendor Advisory

https://vuldb.com/?ctiid.231502

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.231502

Source: cna@vuldb.com

Permissions Required

https://github.com/ujcms/ujcms/issues/6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://vuldb.com/?ctiid.231502

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?id.231502

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.