CVE-2023-6302

HIGH Year: 2023
CVSS v3 Score
7.2
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-275
View all →

Vulnerability Description

A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2015-7842

HIGH
CVSS:7.1(High)

Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with so...

CWE-2752015

CVE-2017-8153

HIGH
CVSS:7.1(High)

Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send ...

CWE-2752017

CVE-2014-1631

HIGH
CVSS:7.5(High)

Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.

CWE-2752014

CVE-2015-7781

HIGH
CVSS:7.5(High)

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.

CWE-2752015

CVE-2016-5299

HIGH
CVSS:7.5(High)

A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android...

CWE-2752016

CVE-2016-7988

HIGH
CVSS:7.5(High)

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configura...

CWE-2752016