CRITICAL🇬🇧 English

CVE-2023-36994

CVSS 9.8v3.1pub. 2023-07-07upd. 2024-11-21

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Travianz Project Travianz

    APP
    Travianz Project
    8.3.38.3.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-36993CRITICAL9.8ten sam produkt

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password ...

CVE-2023-36992HIGH7.2ten sam produkt

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to ex...

CVE-2023-36995MEDIUM6.1ten sam produkt

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Ad...