xnx3 wangmarket Role Management Page code injection
CVE-2023-6886

9.8CRITICAL

Key Information:

Vendor

xnx3

Status
wangmarket
Vendor
CVE Published:
17 December 2023

What is CVE-2023-6886?

A significant vulnerability exists in the Wangmarket product by xnx3, specifically affecting the Role Management Page. This vulnerability allows for code injection, which can be exploited by remote attackers. The issue is related to an unidentified functionality within the Role Management component, potentially paving the way for unauthorized access and execution of arbitrary code. The exploit has been publicly disclosed, increasing the risk of its exploitation in the wild. Users are advised to take immediate action to secure their systems and apply any available patches.

Affected Version(s)

wangmarket 6.1

References

https://vuldb.com/?id.248246
vdb-entry
https://vuldb.com/?ctiid.248246
signaturepermissions-required
https://github.com/xnx3/wangmarket/issues/8
exploitissue-tracking

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

hexixi (VulDB User)
JSON
.
CVE-2023-6886 : xnx3 wangmarket Role Management Page code injection