CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.7%

CVSS Severity

CVSS v3 Score 7.2

References

https://gitee.com/CTF-hacker/pwn/issues/I7LI4E
https://gitee.com/CTF-hacker/pwn/issues/I7LI4E

Products affected by CVE-2023-38948

Jizhicms » Jizhicms » Version: 1.9.5

cpe:2.3:a:jizhicms:jizhicms:1.9.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-38948

Products

Pricing

Contact Us