FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2023-7098

Path Traversal: '../filedir' (CWE-24)

Published: Dec 25, 2023 / Updated: 11mo ago

010
CVSS 5.3EPSS 0.05%Medium
CVE info copied to clipboard

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-248950 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2023-7098

Dec 24, 2023 at 6:15 PM
First Article

Feedly found the first article mentioning CVE-2023-7098. See article

Dec 25, 2023 at 2:06 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Dec 25, 2023 at 2:08 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 12.3%)

Jan 3, 2024 at 7:22 PM
CVSS

A CVSS base score of 5.3 has been assigned.

Apr 11, 2024 at 1:27 AM / nvd
CVSS

A CVSS base score of 5.3 has been assigned.

May 14, 2024 at 3:10 PM / nvd
Static CVE Timeline Graph

Affected Systems

Easyimages2.0_project/easyimages2.0
+null more

News

NA - CVE-2023-7098 - ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability...
Security-Database Alerts Monitor : Last 100 Alerts / 11mo
Cvss vector : Cvss Base Score N/A Attack Range N/A Cvss Impact Score N/A Attack Complexity N/A Cvss Expoit Score N/A Authentication N/A Calculate full CVSS 2.0 Vectors scores ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3.
CVE-2023-7098
CyberSecurityBoard.com Cyber News | RSS Feed / 11mo
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. VDB-248950 is the identifier assigned to this vulnerability.
CVE-2023-7098
Newest CVEs from Tenable / 11mo
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. The attack can be initiated remotely.
CVE-2023-7098
Vulners.com RSS Feed / 11mo
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-248950 is the identifier assigned to this vulnerability. NOTE:
CVE-2023-7098
National Vulnerability Database / 11mo
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-248950 is the identifier assigned to this vulnerability. NOTE:
See 2 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:High
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

CVSS 5.3(34618)CWE-24(56)Easyimages2.0 project(3)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial