Vulnerabilities > CVE-2023-33559 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ocomon Project Ocomon 3.3/4.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ocomon-project

CWE-829

NVD

Published: 2023-10-26

Updated: 2023-11-07

Summary

A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.

Vulnerable Configurations

Part	Description	Count
Application	Ocomon_Project Ocomon Project Ocomon - Ocomon Project Ocomon 3.3 Ocomon Project Ocomon 4.0	5

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://github.com/ninj4c0d3r/OcoMon-Research/commit/7459ff397f48b5356930c16c522331e39158461dv
https://github.com/ninj4c0d3r/OcoMon-Research