CVE-2023-41425
CVE-2023-41425
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.1EPSS 54.3%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
05 Nov 2023Public PoC
07 Nov 2023Metasploit module available
07 Nov 2023Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/apublic PoCs found — 17
githubgithub.com/prodigiousMind/CVE-2023-41425★ 27githubgithub.com/Tea-On/CVE-2023-41425-RCE-WonderCMS-4.3.2★ 8githubgithub.com/duck-sec/CVE-2023-41425★ 3githubgithub.com/thefizzyfish/CVE-2023-41425-wonderCMS_RCE★ 2githubgithub.com/Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE★ 1githubgithub.com/charlesgargasson/CVE-2023-41425★ 1githubgithub.com/xpltive/CVE-2023-41425★ 1githubgithub.com/Raffli-Dev/CVE-2023-41425★ 1githubgithub.com/KGorbakon/CVE-2023-41425★ 0githubgithub.com/SpycioKon/CVE-2023-41425★ 0githubgithub.com/becrevex/CVE-2023-41425★ 0githubgithub.com/Twappz/CVE-2023-41425★ 0githubgithub.com/0xDTC/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425★ 0githubgithub.com/h3athen/CVE-2023-41425★ 0githubgithub.com/0x0d3ad/CVE-2023-41425★ 0cve_referencewww.exploit-db.com/exploits/52271unverifiedcve_referencepacketstorm.news/files/id/190575/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →