CVE-2023-0651

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md", "name": "https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "https://github.com/linmoren/fastcms_bug/blob/main/password.zip", "name": "https://github.com/linmoren/fastcms_bug/blob/main/password.zip", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.220038", "name": "https://vuldb.com/?id.220038", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.220038", "name": "https://vuldb.com/?ctiid.220038", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-434"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-0651", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-02-02T16:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fastcms_project:fastcms:0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-09T20:06Z"}