Vulnerability Description
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Superstorefinder | Super Store Finder | <= 3.7 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-CommaExploitThird Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-CommaExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2023-43835?
CVE-2023-43835 is a vulnerability with a CVSS score of 8.8 (HIGH). Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
How severe is CVE-2023-43835?
CVE-2023-43835 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-43835?
Check the references section above for vendor advisories and patch information. Affected products include: Superstorefinder Super Store Finder.