Moderate severityNVD Advisory· Published Nov 30, 2023· Updated Aug 2, 2024

Cross-site Scripting vulnerability in PHPMemcachedAdmin

CVE-2023-6027

Description

A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
elijaa/phpmemcacheadminPackagist	<= 1.3.0	—

Affected products

ghsa-coords
pkg:composer/elijaa/phpmemcacheadmin
Range: <= 1.3.0
PHPMemcachedAdmin/PHPMemcachedAdminv5
Range: 1.3.0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-pr4w-m4rp-gp87ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-6027ghsaADVISORY
github.com/FriendsOfPHP/security-advisories/blob/master/elijaa/phpmemcacheadmin/CVE-2023-6027.yamlghsaWEB
www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmemcachedadminghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000