{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5221", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-09-27T07:59:46.694Z", "datePublished": "2023-09-27T13:31:05.111Z", "dateUpdated": "2024-09-24T13:51:43.716Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-24T19:37:44.663Z"}, "title": "ForU CMS index.php code injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Code Injection"}]}], "affected": [{"vendor": "ForU", "product": "CMS", "versions": [{"version": "n/a", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in ForU CMS entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /install/index.php. Mit der Manipulation des Arguments db_name mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-09-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-09-27T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-09-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-10-16T12:05:57.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "fovker (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.240363", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.240363", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/Fovker8/cve/blob/main/rce.md", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.541Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.240363", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.240363", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/Fovker8/cve/blob/main/rce.md", "tags": ["exploit", "x_transferred"]}]}, {"affected": [{"vendor": "foru_cms_project", "product": "foru_cms", "cpes": ["cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T13:47:57.983326Z", "id": "CVE-2023-5221", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T13:51:43.716Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.240363", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.240363", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/Fovker8/cve/blob/main/rce.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.541Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5221", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T13:47:57.983326Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*"], "vendor": "foru_cms_project", "product": "foru_cms", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T13:51:26.643Z"}}], "cna": {"title": "ForU CMS index.php code injection", "credits": [{"lang": "en", "type": "analyst", "value": "fovker (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}], "affected": [{"vendor": "ForU", "product": "CMS", "versions": [{"status": "affected", "version": "n/a"}]}], "timeline": [{"lang": "en", "time": "2023-09-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-09-27T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-09-27T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-10-16T12:05:57.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.240363", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.240363", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/Fovker8/cve/blob/main/rce.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in ForU CMS entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /install/index.php. Mit der Manipulation des Arguments db_name mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-24T19:37:44.663Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5221", "state": "PUBLISHED", "dateUpdated": "2024-09-24T13:51:43.716Z", "dateReserved": "2023-09-27T07:59:46.694Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-09-27T13:31:05.111Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foru_cms_project:foru_cms:-:*:*:*:*:*:*:*", "matchCriteriaId": "F77BC951-0137-4E12-B3BE-F50DF11226E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en ForU CMS y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /install/index.php. La manipulaci\u00f3n del argumento db_name conduce a la inyecci\u00f3n de c\u00f3digo. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Este producto no utiliza versiones. Esta es la raz\u00f3n por la que la informaci\u00f3n sobre las versiones afectadas y no afectadas no est\u00e1 disponible. El identificador asociado de esta vulnerabilidad es VDB-240363. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2023-5221", "lastModified": "2024-05-17T02:32:54.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-09-27T15:19:43.280", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Fovker8/cve/blob/main/rce.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.240363"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.240363"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}