Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for easyadmin8 by wolfcode

    CVE-2023-3800 (GCVE-0-2023-3800)

    Vulnerability from nvd – Published: 2023-07-20 23:00 – Updated: 2024-10-24 14:52
    VLAI
    Title
    EasyAdmin8 File Upload Module index.html unrestricted upload
    Summary
    A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.235068 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.235068 signaturepermissions-required
    https://github.com/wolf-leo/EasyAdmin8/issues/1 exploitissue-tracking
    Impacted products
    Vendor Product Version
    n/a EasyAdmin8 Affected: 2.0.2.2
    Credits
    XMAO (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.235068"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.235068"
              },
              {
                "tags": [
                  "exploit",
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/wolf-leo/EasyAdmin8/issues/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3800",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:51:38.106823Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:52:14.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "File Upload Module"
              ],
              "product": "EasyAdmin8",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "XMAO (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in EasyAdmin8 2.0.2.2 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/index/index.html#/admin/mall.goods/index.html der Komponente File Upload Module. Durch das Beeinflussen mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.7,
                "vectorString": "AV:A/AC:H/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T18:44:37.531Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.235068"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.235068"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/wolf-leo/EasyAdmin8/issues/1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-20T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-15T11:23:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "EasyAdmin8 File Upload Module index.html unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3800",
        "datePublished": "2023-07-20T23:00:04.741Z",
        "dateReserved": "2023-07-20T08:17:02.789Z",
        "dateUpdated": "2024-10-24T14:52:14.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3800 (GCVE-0-2023-3800)

    Vulnerability from cvelistv5 – Published: 2023-07-20 23:00 – Updated: 2024-10-24 14:52
    VLAI
    Title
    EasyAdmin8 File Upload Module index.html unrestricted upload
    Summary
    A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.235068 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.235068 signaturepermissions-required
    https://github.com/wolf-leo/EasyAdmin8/issues/1 exploitissue-tracking
    Impacted products
    Vendor Product Version
    n/a EasyAdmin8 Affected: 2.0.2.2
    Credits
    XMAO (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.235068"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.235068"
              },
              {
                "tags": [
                  "exploit",
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/wolf-leo/EasyAdmin8/issues/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3800",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:51:38.106823Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:52:14.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "File Upload Module"
              ],
              "product": "EasyAdmin8",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "XMAO (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in EasyAdmin8 2.0.2.2 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/index/index.html#/admin/mall.goods/index.html der Komponente File Upload Module. Durch das Beeinflussen mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.7,
                "vectorString": "AV:A/AC:H/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T18:44:37.531Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.235068"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.235068"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/wolf-leo/EasyAdmin8/issues/1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-20T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-15T11:23:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "EasyAdmin8 File Upload Module index.html unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3800",
        "datePublished": "2023-07-20T23:00:04.741Z",
        "dateReserved": "2023-07-20T08:17:02.789Z",
        "dateUpdated": "2024-10-24T14:52:14.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }