CVE-2023-34880

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 15, 2023

Updated: Jun 26, 2023

CWE ID 22

Summary

CVE-2023-34880 is a newly discovered vulnerability affecting cmseasy v7.7.7.7 20230520. This issue is linked to a path traversal vulnerability found in the add_action method located at lib/admin/language_admin.php. By exploiting this flaw, attackers can execute arbitrary code and carry out local file inclusions, posing a significant security risk. The vulnerability grants unauthorized access and potential data theft or system compromise. Users are strongly advised to update their cmseasy installation as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rpwyqf
https://www.cve.org/CVERecord?id=CVE-2023-34880
https://nvd.nist.gov/vuln/detail/CVE-2023-34880

Back to Vulnerability Database

CVE-2023-34880

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations