CVE-2023-7150

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-7150
A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://vuldb.com/?id.249157 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?ctiid.249157 Permissions Required VDB Entry
https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability- Third Party Advisory
https://github.com/laoquanshi/Chic-Vulnerability- Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:campcodes:chic_beauty_salon:20230703:*:*:*:*:*:*:*
History

05 Jan 2024, 16:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:campcodes:chic_beauty_salon:20230703:*:*:*:*:*:*:*
First Time Campcodes
Campcodes chic Beauty Salon
References () https://vuldb.com/?ctiid.249157 - () https://vuldb.com/?ctiid.249157 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.249157 - () https://vuldb.com/?id.249157 - Permissions Required, Third Party Advisory, VDB Entry
References () https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability- - () https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability- - Third Party Advisory
References () https://github.com/laoquanshi/Chic-Vulnerability- - () https://github.com/laoquanshi/Chic-Vulnerability- - Product

29 Dec 2023, 17:16

Type Values Removed Values Added
References
  • () https://github.com/laoquanshi/Chic-Vulnerability- -
Summary A vulnerability classified as critical was found in Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability. A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability.

29 Dec 2023, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-29 04:15

Updated : 2024-05-17 02:34

NVD link : CVE-2023-7150

Mitre link : CVE-2023-7150

JSON object : View

Products Affected

campcodes

  • chic_beauty_salon
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type