CVE Catalog

CVE-2023-3800

LowCVSS 3.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.56%

42th percentile — higher than 42% of all known CVEs

Summary

A vulnerability was found in EasyAdmin8 version 2.0.2.2 that allows unrestricted file uploads. The issue affects an unknown function in the file /admin/index/index.html#/admin/mall.goods/index.html of the File Upload Module.

Risk Assessment

The organization may be exposed to attacks related to unauthorized file uploads, potentially leading to serious security breaches.

Recommendation

It is recommended to update to the latest version of EasyAdmin8 and monitor the system for unauthorized file upload activities.

Original NVD description (English source)

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS