CVE-2023-42248

Published: Jan 13, 2025Modified: Apr 17, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".

Affected (1)

Products: Seling: Visual Access Manager

Seling

1 product

Visual Access Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Seling Visual Access Manager	Before 4.42.2

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.