CVE-2023-1303
Published 2023-03-09
Priority P354 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.79% (51.7th percentile)
A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-222683.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ucms_project | ucms | — | — |
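CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 5.5 | MEDIUM | — |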
GHSA
GHSA-646v-93pq-q849: A vulnerability was found in UCMS 1
ghsa_unreviewed · 2023-03-10
CVE-2023-1303 [CRITICAL] CWE-434
Red Hat
kernel: Local information disclosure in some Intel(R) processors
vendor_redhat · 2024-02-14 · CVSS 5.5
CVE-2023-38575 [MEDIUM] CWE-1303
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
A vulnerability was found in some Intel processors that may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted host.
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 6) - Not affected
Package: microcode_ctl (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: microcode_ctl (Red Hat E
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-03-09