CVE-2023-4704 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
@huntrdev	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Vendor	Product	Version
instantcms	instantcms	𝑥 < 2.16.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-15 - External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user.
CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References

https://github.com/instantsoft/icms2/commit/bc22d89691fdaf38055eba13dda8d959b16fa731

https://huntr.dev/bounties/4a54134d-df1f-43d4-9b14-45f023cd654a

https://github.com/instantsoft/icms2/commit/bc22d89691fdaf38055eba13dda8d959b16fa731

https://huntr.dev/bounties/4a54134d-df1f-43d4-9b14-45f023cd654a