What is CVE-2023-41425?

CVE-2023-41425 is a vulnerability in N/a. Published 2023-11-07.

Is CVE-2023-41425 known to be exploited?

29 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-41425

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.

EPSS: 0.911 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

prodigiousMind/CVE-2023-41425
Tea-On/CVE-2023-41425-RCE-WonderCMS-4.3.2
duck-sec/CVE-2023-41425
thefizzyfish/CVE-2023-41425-wonderCMS_RCE
Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE
xpltive/CVE-2023-41425
Raffli-Dev/CVE-2023-41425
charlesgargasson/CVE-2023-41425
becrevex/CVE-2023-41425
KGorbakon/CVE-2023-41425

References

wondercms.com
gist.github.com/prodigiousMind/fc69a79629c4ba9ee88a7ad526043413

Frequently asked questions

What is CVE-2023-41425?: CVE-2023-41425 is a vulnerability in N/a. Published 2023-11-07.
Is CVE-2023-41425 known to be exploited?: 29 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.