CVE-2023-4591

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 3, 2023

Updated: Nov 13, 2023

CWE ID 829

Summary

CVE-2023-4591 is a local file inclusion vulnerability found in WPN-XM Serverstack version 0.8.6. This vulnerability allows an unauthenticated user to perform a local file inclusion (LFI) by sending a GET request through the /tools/webinterface/index.php?page parameter. Exploiting this vulnerability could result in the loading of a PHP file on the server, potentially leading to a critical webshell exploit. The base severity of this vulnerability is rated as high and it has a CVSS score of 7.5. The confidentiality impact is also rated as high, while the integrity impact is none and the availability impact is none.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database