Vulnerabilities > CVE-2023-24108 - Unspecified vulnerability in Zetacomponenets Mvctools 20080923

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zetacomponenets

critical

NVD

Published: 2023-02-22

Updated: 2024-11-21

Summary

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Zetacomponenets Zetacomponenets Mvctools 2008-09-23	1

References

https://github.com/zetacomponents/MvcTools/
https://github.com/zetacomponents/MvcTools/
https://github.com/zetacomponents/MvcTools/issues/12
https://github.com/zetacomponents/MvcTools/issues/12
https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
https://mirrors.neusoft.edu.cn/pypi/web/simple/request/