CVE-2023-3231

A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability.
References
Link Resource
https://github.com/ujcms/ujcms/issues/6 Exploit Vendor Advisory
https://vuldb.com/?ctiid.231502 Permissions Required
https://vuldb.com/?id.231502 Permissions Required
Configurations

Configuration 1 (hide)

cpe:2.3:a:ujcms:ujcms:*:*:*:*:*:*:*:*

History

21 Jun 2023, 19:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:ujcms:ujcms:*:*:*:*:*:*:*:*
CWE CWE-200 NVD-CWE-noinfo
References (MISC) https://vuldb.com/?ctiid.231502 - (MISC) https://vuldb.com/?ctiid.231502 - Permissions Required
References (MISC) https://github.com/ujcms/ujcms/issues/6 - (MISC) https://github.com/ujcms/ujcms/issues/6 - Exploit, Vendor Advisory
References (MISC) https://vuldb.com/?id.231502 - (MISC) https://vuldb.com/?id.231502 - Permissions Required
First Time Ujcms ujcms
Ujcms

14 Jun 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-14 06:15

Updated : 2024-05-17 02:27


NVD link : CVE-2023-3231

Mitre link : CVE-2023-3231

CVE.ORG link : CVE-2023-3231


JSON object : View

Products Affected

ujcms

  • ujcms
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor