CVE-2023-46694

HIGH

Vtenext 21.02 - Authenticated RCE

Title source: llm

Description

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.

Exploits (1)

nomisec WORKING POC 4 stars

by invisiblebyte · poc

https://github.com/invisiblebyte/CVE-2023-46694

View Code ZIP pw:eip

References (1)

Core 1

Core References

Various Sources

https://github.com/invisiblebyte/CVE-2023-46694

Scores

CVSS v3 8.1

EPSS 0.0908

EPSS Percentile 92.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Published May 28, 2024

Tracked Since Feb 18, 2026