PT-2023-23719 · Ujcms · Ujcms
Keecth
·
Published
2023-06-14
·
Updated
2024-05-17
·
CVE-2023-3231
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
UJCMS versions up to 6.0.2
Description
A vulnerability has been found in the ZIP Package Handler component of UJCMS, which can lead to information disclosure through the manipulation of the
dir argument. The attack can be initiated remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used.Recommendations
For UJCMS versions up to 6.0.2, upgrade to version 7.0.0 to address this issue. It is recommended to upgrade the affected component.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ujcms