A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
History

Tue, 24 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-09-27T13:31:05.111Z

Updated: 2024-09-24T13:51:43.716Z

Reserved: 2023-09-27T07:59:46.694Z

Link: CVE-2023-5221

cve-icon Vulnrichment

Updated: 2024-08-02T07:52:08.541Z

cve-icon NVD

Status : Modified

Published: 2023-09-27T15:19:43.280

Modified: 2024-11-21T08:41:19.317

Link: CVE-2023-5221

cve-icon Redhat

No data.