Vulnerability Description
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mgt-Commerce | Cloudpanel | >= 2.0.0, <= 2.3.2 |
Related Weaknesses (CWE)
References
- https://www.cloudpanel.io/docs/v2/changelog/Release Notes
- https://www.mgt-commerce.com/docs/mgt-cloudpanel/dashboardProduct
- https://www.cloudpanel.io/docs/v2/changelog/Release Notes
- https://www.mgt-commerce.com/docs/mgt-cloudpanel/dashboardProduct
FAQ
What is CVE-2023-46157?
CVE-2023-46157 is a vulnerability with a CVSS score of 8.8 (HIGH). File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.
How severe is CVE-2023-46157?
CVE-2023-46157 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46157?
Check the references section above for vendor advisories and patch information. Affected products include: Mgt-Commerce Cloudpanel.