CVE-2023-1442
Published on: Not Yet Published
Last Modified on: 03/23/2023 03:36:00 PM UTC
Certain versions of Qykcms from Qykcms contain the following vulnerability:
A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287.
- CVE-2023-1442 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software:
Meizhou Qingyunke - QYKCMS version = 4.3.0
CVSS3 Score: 7.2 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | HIGH | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
-/README.md at main · VG00000/- · GitHub | github.com text/html |
![]() |
vuldb.com text/plain Inactive LinkNot Archived |
![]() | |
vuldb.com text/plain Inactive LinkNot Archived |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Qykcms | Qykcms | 4.3.0 | All | All | All |
- cpe:2.3:a:qykcms:qykcms:4.3.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2023-1442 | Meizhou Qingyunke QYKCMS 4.3.0 Update /admin_system/api.php downurl unrestricted upload A vulnerabi… twitter.com/i/web/status/1… | 2023-03-17 07:50:53 |
![]() |
CVE-2023-1442 | 2023-03-17 08:38:34 |