Vulnerabilities > CVE-2023-52262 - Unspecified vulnerability in Outdoorbits Little Backup BOX

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

outdoorbits

critical

NVD

Published: 2023-12-30

Updated: 2024-11-21

Summary

outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input.

Vulnerable Configurations

Part	Description	Count
Application	Outdoorbits Outdoorbits Little Backup BOX -	1

References

https://github.com/outdoorbits/little-backup-box/commit/f39f91cd05544b3eb18b59897c765d6ba9313faa
https://github.com/outdoorbits/little-backup-box/commit/f39f91cd05544b3eb18b59897c765d6ba9313faa
https://www.php.net/manual/en/function.extract
https://www.php.net/manual/en/function.extract