CVE-2023-3643

Boss Mini document file inclusion

CVSS 7.3 HIGHEPSS 75.2%CWE-73

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

n/a · Boss Mini

public PoCs found — 2

exploitdbwww.exploit-db.com/exploits/52482unverified cve_referencedrive.google.com/file/d/1RXmDUAjqZvWSvHUrfRerz7My6M3KX7YG/viewunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://drive.google.com/file/d/1RXmDUAjqZvWSvHUrfRerz7My6M3KX7YG/view https://vuldb.com/?ctiid.233889 https://vuldb.com/?id.233889