115Cms
CVE-2023-1328
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability.
AnalysisAI
A vulnerability was found in Guizhou 115cms 4.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability. Affected products include: 115Cms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
A vulnerability classified as problematic was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vul
A vulnerability classified as problematic has been found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), thi
A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exp
A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exp
A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exp
A vulnerability was found in 115cms up to 20240807 and classified as problematic.html. Rated medium severity (CVSS 5.3),
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today