CVE-2023-38948

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 3, 2023

Updated: Aug 8, 2023

CWE ID 552

Summary

CVE-2023-38948 is a newly identified vulnerability affecting the jizhi CMS 1.9.5 platform. This issue resides in the /PluginsController.php component and enables attackers to download arbitrary files. By manipulating plugin files, adversaries can execute malicious code, leading to potential unauthorized access, data theft, or system compromise. This vulnerability poses a significant threat to CMS users and underscores the importance of timely software updates and secure configuration.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG6MHJ
https://www.cve.org/CVERecord?id=CVE-2023-38948
https://nvd.nist.gov/vuln/detail/CVE-2023-38948

Back to Vulnerability Database

CVE-2023-38948

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations