CVE-2023-3643

nvd nist nuclei

Published: Jul 12, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.

Affected (1)

Products: Carel: Boss Mini Firmware

1 product

Boss Mini Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Carel Boss Mini Firmware	Version 1.4.0 build_6221

Running on/with	Platform Versions
Carel Boss Mini	All versions

Related CWEs

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (6)

https://drive.google.com/file/d/1RXmDUAjqZvWSvHUrfRerz7My6M3KX7YG/view

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.233889

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.233889

Source: cna@vuldb.com

Third Party Advisory

https://drive.google.com/file/d/1RXmDUAjqZvWSvHUrfRerz7My6M3KX7YG/view

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.233889

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?id.233889

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.