Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.
AnalysisAI
Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. Affected products include: Max-3000 Maxsite Cms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Maxsite Cms
View allA Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-upd
A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attacke
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_de
MaxSite CMS up to version 109 contains an improper access control vulnerability in the file editor plugin that allows au
MaxSite CMS up to version 109 contains an unrestricted file upload vulnerability in the auto_post plugin's upload handle
Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_c
Share
External POC / Exploit Code
Leaving vuln.today