CVE-2023-42323
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-42323 is a Cross-Site Request Forgery (CSRF) vulnerability affecting DouHaocms version 3.3. An attacker can exploit this issue by making a malicious request to an unsuspecting user's browser, resulting in the execution of arbitrary code. The adminAction.class.php file is the targeted component in this vulnerability, allowing the attacker to manipulate the application's functionality and potentially gain unauthorized access to sensitive information or perform unintended actions. This type of attack relies on the user's session being compromised and trusting the attacker's malicious request, making it a significant threat to website security. Users are encouraged to upgrade to the latest version of DouHaocms to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.