CVE-2023-42323

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DouHaocms version 3.3

Description A Cross Site Request Forgery (CSRF) issue allows a remote attacker to execute arbitrary code via the adminAction.class.php file. This can be exploited to perform unauthorized actions on the affected system.

Recommendations For DouHaocms version 3.3, consider disabling access to the adminAction.class.php file until a patch is available to prevent exploitation of the CSRF issue.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2023-42323

Affected Products

Douhaocms

CVE-2023-42323

Weakness Enumeration

Related Identifiers

Affected Products

References · 4