A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. Manipulation of the argument Name leads to allocation of resources without limits or throttling (CWE-770). The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233359. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md | Exploit |
https://vuldb.com/?ctiid.233359 | Permissions Required |
https://vuldb.com/?id.233359 | Permissions Required |
https://youtu.be/ouwud0PlHkE | Exploit |
Configurations
History
21 Nov 2024, 08:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md - Exploit | |
References | () https://vuldb.com/?ctiid.233359 - Permissions Required | |
References | () https://vuldb.com/?id.233359 - Permissions Required | |
References | () https://youtu.be/ouwud0PlHkE - Exploit | |
CVSS | v2 : v3 : | v2 : 2.7 v3 : 3.5 |
19 Jul 2023, 16:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md - Exploit | |
References | (MISC) https://vuldb.com/?ctiid.233359 - Permissions Required | |
References | (MISC) https://youtu.be/ouwud0PlHkE - Exploit | |
References | (MISC) https://vuldb.com/?id.233359 - Permissions Required | |
CPE | cpe:2.3:a:wallabag:wallabag:2.5.4:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown v3 : 6.5 |
10 Jul 2023, 16:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-10 16:15
Updated : 2024-11-21 08:17
NVD link : CVE-2023-3566
Mitre link : CVE-2023-3566
CVE.ORG link : CVE-2023-3566
Products Affected
wallabag
- wallabag
CWE
CWE-770
Allocation of Resources Without Limits or Throttling