Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
References
Link | Resource |
---|---|
https://github.com/sanluan/PublicCMS/issues/76#issue-1960443408 | Exploit |
Configurations
History
28 Nov 2023, 21:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/sanluan/PublicCMS/issues/76#issue-1960443408 - Exploit | |
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Publiccms publiccms
Publiccms |
|
CPE | cpe:2.3:a:publiccms:publiccms:4.0.202302.e:*:*:*:*:*:*:* |
20 Nov 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 20:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-46990
Mitre link : CVE-2023-46990
CVE.ORG link : CVE-2023-46990
JSON object : View
Products Affected
publiccms
- publiccms
CWE
CWE-502
Deserialization of Untrusted Data