PT-2023-5300 · Unknown · Modulys Gp
Aarón Flecha Menéndez
·
Published
2023-09-07
·
Updated
2024-08-02
·
CVE-2023-40221
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
MODULYS GP (MOD3GP-SY-120K) (affected versions not specified)
Description
The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter
MAIL RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Modulys Gp