Vulnerability Details CVE-2023-3057
A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%202.md
- https://vuldb.com/?ctiid.230543
- https://vuldb.com/?id.230543
- https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%202.md
- https://vuldb.com/?ctiid.230543
- https://vuldb.com/?id.230543
Products affected by CVE-2023-3057
-
cpe:2.3:a:iuok:yfcmf-tp6:2.0.0
-
cpe:2.3:a:iuok:yfcmf-tp6:2.0.1
-
cpe:2.3:a:iuok:yfcmf-tp6:2.0.2
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.0
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.1
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.2
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.3
-
cpe:2.3:a:iuok:yfcmf-tp6:3.0.4