CVE-2023-3231
LowCVSS 3.1Exploitation Probability (EPSS)
Elevated risk52th percentile — higher than 52% of all known CVEs
Summary
A vulnerability has been found in UJCMS up to version 6.0.2 in the ZIP Package Handler component, which may lead to information disclosure. Manipulation of the argument dir allows for a remote attack, although the complexity is rather high.
Risk Assessment
The organization may be exposed to the disclosure of sensitive information, which could lead to further attacks or data privacy breaches.
Recommendation
It is recommended to upgrade to version 7.0.0 to address this vulnerability and secure the system.
Original NVD description (English source)
A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability.

