CVE-2023-48204

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 16, 2023

Updated: Nov 21, 2023

CWE ID 918

Summary

CVE-2023-48204 is a cybersecurity vulnerability affecting PublicCMS version 4.0.202302. An attacker can exploit this issue by manipulating the appToken and Parameters parameter in the api/method/getHtml component, enabling them to acquire sensitive information remotely. This vulnerability poses a serious threat to data confidentiality and should be addressed with immediate patching or other mitigation measures. PublicCMS users are strongly advised to update their software to a version free from this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Publiccms

Affected Vendors

Publiccms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tYo2pw
https://www.cve.org/CVERecord?id=CVE-2023-48204
https://nvd.nist.gov/vuln/detail/CVE-2023-48204

Back to Vulnerability Database