Vulnerabilities > CVE-2023-6027 - Unspecified vulnerability in Elijaa PHPmemcachedadmin 1.3.0

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

elijaa

NVD

Published: 2023-11-30

Updated: 2024-11-21

Summary

A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter.

Vulnerable Configurations

Part	Description	Count
Application	Elijaa Elijaa Phpmemcachedadmin 1.3.0	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmemcachedadmin
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmemcachedadmin