CVSS 3.1 Score 7.2 of 10 (high)


Published Aug 3, 2023
Updated: Aug 8, 2023
CWE ID 552


CVE-2023-38948 is an arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5, affecting the mfPoC5 product. Attackers can exploit this vulnerability to execute arbitrary code by downloading a crafted plugin. The risk score is 25, with a base severity rating of high (7.2). The privileges required for exploitation are high, and there is no user interaction required. The attack vector is through the network, and it has a high impact on integrity and confidentiality. The vulnerability has not been modified since its discovery, and its exploitability score is 1.2. Organizations using jizhi CMS 1.9.5 should apply remediation measures promptly to mitigate potential danger to their systems and data.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-38948 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options