HIGH🇵🇱 Wersja polska

CVE-2023-39377

CVSS 7.2v3.1pub. 2023-09-27upd. 2024-11-21

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Siberiancms

    APP
    Siberiancms
    4.0.0 – 4.20.44 (bez)5.0.0 – 5.0.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-41702CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SiberianCMS — krytyczna podatność bazy danych

CVE-2023-39375HIGH7.5ten sam produkt

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges

CVE-2023-39378HIGH8.8ten sam produkt

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') b...

CVE-2025-1105MEDIUM5.3ten sam produkt

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is s...

CVE-2023-39376MEDIUM6.5ten sam produkt

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network...