CVE-2023-45952

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 17, 2023
Updated: Oct 25, 2023
CWE ID 434

Summary

The vulnerability with the CVE ID CVE-2023-45952 is an arbitrary file upload vulnerability found in the component ajax_link.php of lylme_spage v1.7.0. This vulnerability affects the product tHubRV. Attackers can exploit this vulnerability to execute arbitrary code by uploading a crafted file. The risk score for this vulnerability is 65, and it has a base severity of CRITICAL with a base score of 9.8 according to NVD@nist.gov. The exploitability score is 3.9, and it does not require any privileges or user interaction. The attack vector is through the network, and it has high impacts on integrity and confidentiality. The availability impact is also high. The CWE ID associated with this vulnerability is CWE-434, which refers to the unrestricted upload of a file with a dangerous type. Remediation steps are not provided in the information available for this vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-45952 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options