CVE-2023-41425

CVSS 6.1 MEDIUMEPSS 54.3%CWE-79

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

n/a · n/a

public PoCs found — 17

githubgithub.com/prodigiousMind/CVE-2023-41425★ 27 githubgithub.com/Tea-On/CVE-2023-41425-RCE-WonderCMS-4.3.2★ 8 githubgithub.com/duck-sec/CVE-2023-41425★ 3 githubgithub.com/thefizzyfish/CVE-2023-41425-wonderCMS_RCE★ 2 githubgithub.com/Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE★ 1 githubgithub.com/charlesgargasson/CVE-2023-41425★ 1 githubgithub.com/xpltive/CVE-2023-41425★ 1 githubgithub.com/Raffli-Dev/CVE-2023-41425★ 1 githubgithub.com/KGorbakon/CVE-2023-41425★ 0 githubgithub.com/SpycioKon/CVE-2023-41425★ 0 githubgithub.com/becrevex/CVE-2023-41425★ 0 githubgithub.com/Twappz/CVE-2023-41425★ 0 githubgithub.com/0xDTC/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425★ 0 githubgithub.com/h3athen/CVE-2023-41425★ 0 githubgithub.com/0x0d3ad/CVE-2023-41425★ 0 cve_referencewww.exploit-db.com/exploits/52271unverified cve_referencepacketstorm.news/files/id/190575/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/prodigiousMind/fc69a79629c4ba9ee88a7ad526043413 https://packetstorm.news/files/id/190575/https://www.exploit-db.com/exploits/52271 http://wondercms.com