The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.
References
Link | Resource |
---|---|
https://wiki.notveg.ninja/blog/CVE-2023-39854/ | Mitigation Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-09T00:00:00
Updated: 2023-10-09T06:51:52.390101
Reserved: 2023-08-07T00:00:00
Link: CVE-2023-39854
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-09T07:15:24.570
Modified: 2024-02-01T01:10:05.043
Link: CVE-2023-39854
JSON object: View
Redhat Information
No data.
CWE