CVE-2023-46694

{"id": "CVE-2023-46694", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-05-28T20:16:20.743", "references": [{"url": "https://github.com/invisiblebyte/CVE-2023-46694", "source": "cve@mitre.org"}, {"url": "https://github.com/invisiblebyte/CVE-2023-46694", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality."}, {"lang": "es", "value": "Vtenext 21.02 permite a un atacante autenticado cargar archivos arbitrarios, lo que potencialmente le permite ejecutar comandos remotos. Esta falla existe debido a que la aplicaci\u00f3n no aplica los controles de autenticaci\u00f3n adecuados al acceder a la funcionalidad del administrador de archivos de Ckeditor."}], "lastModified": "2024-11-21T08:29:05.667", "sourceIdentifier": "cve@mitre.org"}