1. Home
  2. CVE Database
  3. CVE-2023-46694
HIGH · 8.1

CVE-2023-46694

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper auth...

Vulnerability Description

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-434

References

FAQ

What is CVE-2023-46694?

CVE-2023-46694 is a vulnerability with a CVSS score of 8.1 (HIGH). Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper auth...

How severe is CVE-2023-46694?

CVE-2023-46694 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-46694?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.