FastCMS Template Management unrestricted upload
CVE-2023-0651

9.8CRITICAL

Key Information:

Vendor

Fastcms Project

Status
Fastcms
Vendor
CVE Published:
2 February 2023

What is CVE-2023-0651?

A vulnerability in FastCMS version 0.1.0 affects the Template Management component, allowing an attacker to perform unrestricted file uploads. This type of vulnerability can lead to remote code execution when exploited, as it permits unauthorized users to upload files that could compromise system security. The exploit has been made public, raising concerns for users of this software. Organizations using FastCMS should take immediate measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

FastCMS 0.1.0

References

https://vuldb.com/?id.220038
vdb-entry
https://vuldb.com/?ctiid.220038
signaturepermissions-required
https://vuldb.com/?submit.82316
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yanfei.chen (VulDB User)
JSON
.