Vulnerability Details CVE-2023-3056
A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%201.md
- https://vuldb.com/?ctiid.230542
- https://vuldb.com/?id.230542
- https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%201.md
- https://vuldb.com/?ctiid.230542
- https://vuldb.com/?id.230542
Products affected by CVE-2023-3056
-
cpe:2.3:a:iuok:yfcmf-tp6:2.0.0
-
cpe:2.3:a:iuok:yfcmf-tp6:2.0.1
-
cpe:2.3:a:iuok:yfcmf-tp6:2.0.2
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.0
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.1
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.2
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.3
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.4