CVE-2023-1482

MEDIUM

HkCms 2.2.4.230206 - Code Injection

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability.

Exploits (1)

gitee 412 stars
by Hk_Cms · phpwriteup
https://gitee.com/Hk_Cms/HkCms/issues/I6J7ZD

References (3)

Scores

CVSS v3 4.7
EPSS 0.0050
EPSS Percentile 66.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-94
Status published
Products (1)
hkcms_project/hkcms 2.2.4.230206
Published Mar 18, 2023
Tracked Since Feb 18, 2026