Skip to main content

Subrion CVE-2023-46947

HIGH
Code Injection (CWE-94)
2023-11-03 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 03, 2023 - 13:15 nvd
HIGH 8.8

DescriptionNVD

Subrion 4.2.1 has a remote command execution vulnerability in the backend.

AnalysisAI

Subrion 4.2.1 has a remote command execution vulnerability in the backend. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Subrion 4.2.1 has a remote command execution vulnerability in the backend. Affected products include: Intelliants Subrion.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2024-25400 CRITICAL POC
9.8 Feb 27

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. Rated critical severity (CVSS 9.8), this vulner

CVE-2020-12468 HIGH POC
7.8 Apr 29

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. Rated high severity (CVSS 7.8), this vulner

CVE-2020-12469 MEDIUM POC
6.5 Apr 29

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized

CVE-2020-12467 MEDIUM POC
6.5 Apr 29

Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. Rated medium severity (CVSS 6.5

CVE-2017-10795 MEDIUM POC
6.1 Jul 02

Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or

CVE-2017-5543 CRITICAL
9.8 Jan 20

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks

CVE-2018-14840 MEDIUM POC
6.1 Aug 02

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for exam

CVE-2023-43884 MEDIUM POC
5.4 Sep 28

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attacke

CVE-2023-43830 MEDIUM POC
5.4 Sep 27

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to exec

CVE-2023-43828 MEDIUM POC
5.4 Sep 27

A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary w

CVE-2019-17225 MEDIUM POC
5.4 Oct 06

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" i

CVE-2017-15063 HIGH
8.8 Oct 06

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Rated hig

Share

CVE-2023-46947 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy