CVE-2023-4393

MEDIUM

LiquidFiles <3.7.13 - Command Injection

Title source: llm

Description

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.

References (1)

Core 1

Core References

Vendor Advisory

https://www.themissinglink.com.au/security-advisories/cve-2023-4393

Scores

CVSS v3 5.4

EPSS 0.0031

EPSS Percentile 22.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-116 CWE-79 CWE-147

Status published

Products (1)

liquidfiles/liquidfiles < 3.7.14

Published Oct 30, 2023

Tracked Since Feb 18, 2026