CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:superstorefinder:super_store_finder:*:*:*:*:*:-:*:*

History

21 Nov 2024, 08:24

Type	Values Removed	Values Added
References	~~() https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry~~	() https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry

04 Oct 2023, 17:00

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Superstorefinder super Store Finder Superstorefinder
CPE		cpe:2.3:a:superstorefinder:super_store_finder::::::-::*
CWE		CWE-74
References	~~(MISC) https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html -~~	(MISC) https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry

02 Oct 2023, 20:26

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-02 20:15

Updated : 2024-11-21 08:24

NVD link : CVE-2023-43835

Mitre link : CVE-2023-43835

CVE.ORG link : CVE-2023-43835

JSON object : View

Products Affected

superstorefinder

super_store_finder

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2023-43835", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-02T20:15:10.187", "references": [{"url": "https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content."}, {"lang": "es", "value": "Super Store Finder 3.7 y versiones anteriores son vulnerables a la inyecci\u00f3n de c\u00f3digo PHP arbitrario autenticado que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo cuando la configuraci\u00f3n sobrescribe el contenido de config.inc.php."}], "lastModified": "2024-11-21T08:24:51.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:superstorefinder:super_store_finder:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "5173E387-23B3-4776-B558-C16A41C4C08D", "versionEndIncluding": "3.7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}