PT-2023-32609 · Moses-Smt+1 · Moses-Smt+1

Ebwill

Publicado

2023-11-27

Atualizado

2024-05-17

CVE-2023-6309

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions moses-smt mosesdecoder versions up to 4.0

Description A critical issue was found in the mosesdecoder, affecting an unknown part of the file contrib/iSenWeb/trans result.php. The manipulation of the input1 argument leads to os command injection. The issue has been publicly disclosed and may be exploited.

Recommendations For versions up to 4.0, update to a version later than 4.0 to resolve the issue. As a temporary workaround, consider restricting access to the contrib/iSenWeb/trans result.php file until a patch is available. Avoid using the input1 argument in the affected file until the issue is resolved.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2023-6309

Produtos afetados

Moses-Smt

Mosesdecoder

PT-2023-32609 · Moses-Smt+1 · Moses-Smt+1

CVE-2023-6309

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7