CVE-2023-6907

Published: Dec 18, 2023Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability.

Affected (1)

Products: Codelyfe: Stupid Simple Cms

1 product

Stupid Simple Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Codelyfe Stupid Simple Cms	Up to 1.2.4

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20deletion.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.248269

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.248269

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20deletion.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.248269

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.248269

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.