HIGH🇬🇧 English

CVE-2023-46157

CVSS 8.8v3.1pub. 2023-12-08upd. 2024-11-21

File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Mgt Commerce Cloudpanel

    APP
    Mgt-Commerce
    2.0.0 – 2.3.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2023-35885CRITICAL9.8ten sam produkt

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

CVE-2024-24320HIGH8.8ten sam produkt

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to ...

CVE-2023-36630HIGH8.8ten sam produkt

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.

CVE-2023-33747HIGH7.8ten sam produkt

CloudPanel v2.2.2 allows attackers to execute a path traversal.

CVE-2023-0391HIGH8.1ten sam produkt

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative in...

CVE-2023-46157 — HIGH 8.8 | CVEbaza.pl