CVE-2023-27897

MEDIUM Year: 2023
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.

Related Vulnerabilities

CVE-2017-18468

MEDIUM
CVSS:6.3(Medium)

cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).

CWE-942017

CVE-2018-20931

MEDIUM
CVSS:6.3(Medium)

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

CWE-942018

CVE-2019-1577

MEDIUM
CVSS:6.3(Medium)

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.

CWE-942019

CVE-2020-11056

MEDIUM
CVSS:6.3(Medium)

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has...

CWE-942020

CVE-2023-26877

MEDIUM
CVSS:6.3(Medium)

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint.

CWE-942023

CVE-2023-40621

MEDIUM
CVSS:6.3(Medium)

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on ...

CWE-942023