The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.
References
Link | Resource |
---|---|
https://wiki.notveg.ninja/blog/CVE-2023-39854/ | Mitigation Third Party Advisory |
https://wiki.notveg.ninja/blog/CVE-2023-39854/ | Mitigation Third Party Advisory |
Configurations
History
21 Nov 2024, 08:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://wiki.notveg.ninja/blog/CVE-2023-39854/ - Mitigation, Third Party Advisory |
01 Feb 2024, 01:10
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-09 07:15
Updated : 2024-11-21 08:16
NVD link : CVE-2023-39854
Mitre link : CVE-2023-39854
CVE.ORG link : CVE-2023-39854
JSON object : View
Products Affected
atx
- ucrypt
CWE
CWE-918
Server-Side Request Forgery (SSRF)