CVE-2023-3538 - OpenCVE

A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Simplephpscripts	Photo Gallery Php

Configuration 1 [-]

cpe:2.3:a:simplephpscripts:photo_gallery_php:2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://vuldb.com/?ctiid.233290
https://vuldb.com/?id.233290

History

Wed, 23 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-07-07T14:00:04.620Z

Updated: 2024-10-23T20:52:15.452Z

Reserved: 2023-07-07T11:59:18.682Z

Link: CVE-2023-3538

Vulnrichment

Updated: 2024-08-02T06:55:03.382Z

NVD

Status : Modified

Published: 2023-07-07T14:15:09.850

Modified: 2024-11-21T08:17:29.537

Link: CVE-2023-3538

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3538", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-07-07T11:59:18.682Z", "datePublished": "2023-07-07T14:00:04.620Z", "dateUpdated": "2024-10-23T20:52:15.452Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T14:14:42.303Z"}, "title": "SimplePHPscripts Photo Gallery PHP URL Parameter preview.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "SimplePHPscripts", "product": "Photo Gallery PHP", "versions": [{"version": "2.0", "status": "affected"}], "modules": ["URL Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "In SimplePHPscripts Photo Gallery PHP 2.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /preview.php der Komponente URL Parameter Handler. Mit der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-07-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-07-07T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-07-07T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-07-25T13:09:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "skalvin (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.233290", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.233290", "tags": ["signature"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.382Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.233290", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.233290", "tags": ["signature", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T20:52:02.710121Z", "id": "CVE-2023-3538", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T20:52:15.452Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.233290", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.233290", "tags": ["signature", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.382Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3538", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T20:52:02.710121Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T20:52:11.437Z"}}], "cna": {"title": "SimplePHPscripts Photo Gallery PHP URL Parameter preview.php cross site scripting", "credits": [{"lang": "en", "type": "analyst", "value": "skalvin (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "SimplePHPscripts", "modules": ["URL Parameter Handler"], "product": "Photo Gallery PHP", "versions": [{"status": "affected", "version": "2.0"}]}], "timeline": [{"lang": "en", "time": "2023-07-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-07-07T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-07-07T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-07-25T13:09:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.233290", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.233290", "tags": ["signature"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "In SimplePHPscripts Photo Gallery PHP 2.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /preview.php der Komponente URL Parameter Handler. Mit der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T14:14:42.303Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3538", "state": "PUBLISHED", "dateUpdated": "2024-10-23T20:52:15.452Z", "dateReserved": "2023-07-07T11:59:18.682Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-07-07T14:00:04.620Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simplephpscripts:photo_gallery_php:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "109042A3-2033-4C1C-91FC-93DBB7AB943A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability."}], "id": "CVE-2023-3538", "lastModified": "2024-11-21T08:17:29.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-07-07T14:15:09.850", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.233290"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.233290"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.233290"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.233290"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}