A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://gitee.com/Hk_Cms/HkCms/issues/I6J7ZD | Exploit Issue Tracking Third Party Advisory |
https://vuldb.com/?ctiid.223365 | Third Party Advisory |
https://vuldb.com/?id.223365 | Third Party Advisory |
https://gitee.com/Hk_Cms/HkCms/issues/I6J7ZD | Exploit Issue Tracking Third Party Advisory |
https://vuldb.com/?ctiid.223365 | Third Party Advisory |
https://vuldb.com/?id.223365 | Third Party Advisory |
Configurations
History
21 Nov 2024, 07:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitee.com/Hk_Cms/HkCms/issues/I6J7ZD - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.223365 - Third Party Advisory | |
References | () https://vuldb.com/?id.223365 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 4.7 |
Information
Published : 2023-03-18 10:15
Updated : 2024-11-21 07:39
NVD link : CVE-2023-1482
Mitre link : CVE-2023-1482
CVE.ORG link : CVE-2023-1482
JSON object : View
Products Affected
hkcms_project
- hkcms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')