CVE-2023-3800

MEDIUM Year: 2023
CVSS v3 Score
6.6
Medium
CVSS v2 Score
3.7
Low
Weakness Type
CWE-434
View all →

Vulnerability Description

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2021-29699

MEDIUM
CVSS:6.6(Medium)

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.

CWE-4342021

CVE-2021-31207

MEDIUM
CVSS:6.6(Medium)

Microsoft Exchange Server Security Feature Bypass Vulnerability

CWE-4342021

CVE-2022-0263

MEDIUM
CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.

CWE-4342022

CVE-2024-39717

MEDIUM
CVSS:6.6(Medium)

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-...

CWE-4342024

CVE-2024-49676

MEDIUM
CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type vulnerability in Michael Bourne Custom Icons for Elementor allows Upload a Web Shell to a Web Server.This issue affects Custom Icons for Elementor: from...

CWE-4342024

CVE-2024-53811

MEDIUM
CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40.

CWE-4342024