CVE-2023-38874

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 28, 2023

Updated: Oct 2, 2023

CWE ID 434

Summary

CVE-2023-38874 is a newlydiscovered remote code execution (RCE) vulnerability affecting gugoan's Economizzer, specifically version 0.9-beta1 and commit 3730880 (April 2023). Malicious attackers can exploit this weakness by uploading a PHP web shell as a file attachment when adding a new cash book entry. Once uploaded, the attacker gains the ability to visit the web shell and execute arbitrary commands, potentially leading to unauthorized system access and data compromise.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG6z_7
https://www.cve.org/CVERecord?id=CVE-2023-38874
https://nvd.nist.gov/vuln/detail/CVE-2023-38874

Back to Vulnerability Database

CVE-2023-38874

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations