Vulnerability Details CVE-2023-28731
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected.
This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.2%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-28731
-
cpe:2.3:a:acymailing:acymailing:-
-
cpe:2.3:a:acymailing:acymailing:5.11.5
-
cpe:2.3:a:acymailing:acymailing:6.7.0
-
cpe:2.3:a:acymailing:acymailing:8.0.0
-
cpe:2.3:a:acymailing:acymailing:8.1.0
-
cpe:2.3:a:acymailing:acymailing:8.1.1
-
cpe:2.3:a:acymailing:acymailing:8.1.2
-
cpe:2.3:a:acymailing:acymailing:8.2.0