CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.032

EPSS Ranking 86.4%

CVSS Severity

CVSS v3 Score 9.8

References

https://h3x0s3.github.io/CVE2023~47261/
https://www.dokmee.com/Support-Learn/Updates-Change-Log
https://h3x0s3.github.io/CVE2023~47261/
https://www.dokmee.com/Support-Learn/Updates-Change-Log

Products affected by CVE-2023-47261

Dokmee » Enterprise Content Management » Version: 7.4.6

cpe:2.3:a:dokmee:enterprise_content_management:7.4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-47261

Products

Pricing

Contact Us