CVE-2023-3643

Boss Mini document file inclusion

CVSS 7.3 HIGHEPSS 75.2%CWE-73

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Productos afectados

n/a · Boss Mini

PoCs públicas encontradas — 2

exploitdbwww.exploit-db.com/exploits/52482no verificado cve_referencedrive.google.com/file/d/1RXmDUAjqZvWSvHUrfRerz7My6M3KX7YG/viewno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://drive.google.com/file/d/1RXmDUAjqZvWSvHUrfRerz7My6M3KX7YG/view https://vuldb.com/?ctiid.233889 https://vuldb.com/?id.233889