CVE-2023-41425

EPSS 91.08% · P100 Updated Apr 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-41425

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

WonderCMS 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WonderCMS是一套基于PHP的开源内容管理系统（CMS）。 WonderCMS v.3.2.0版本至v.3.4.2版本存在安全漏洞。攻击者利用该漏洞通过上传到installModule组件的特制脚本执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2023-41425

#	POC Description	Source Link	Shenlong Link
1	WonderCMS Authenticated RCE - CVE-2023-41425	https://github.com/prodigiousMind/CVE-2023-41425	POC Details
2	Wonder CMS RCE (XSS)	https://github.com/charlesgargasson/CVE-2023-41425	POC Details
3	WonderCMS RCE CVE-2023-41425	https://github.com/insomnia-jacob/CVE-2023-41425	POC Details
4	Research	https://github.com/tiyeume25112004/CVE-2023-41425	POC Details
5	Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.	https://github.com/thefizzyfish/CVE-2023-41425-wonderCMS_RCE	POC Details
6	None	https://github.com/Raffli-Dev/CVE-2023-41425	POC Details
7	CVE-2023-41425 (Wonder CMS XSS to RCE) exploit which serves required scripts locally. Good if you're lost at sea and have found a problem with your bike.	https://github.com/duck-sec/CVE-2023-41425	POC Details
8	CVE-2023-41425 Refurbish	https://github.com/TanveerS1ngh/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425	POC Details
9	Writing one because the one I found isn't working	https://github.com/h3athen/CVE-2023-41425	POC Details
10	CVE-2023-41425 Refurbish	https://github.com/0xDTC/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425	POC Details
11	Xss injection, WonderCMS 3.2.0 -3.4.2	https://github.com/Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE	POC Details
12	CVE-2023-41425 (XSS to RCE, Wonder CMS 3.2.0 <= 3.4.2)	https://github.com/0x0d3ad/CVE-2023-41425	POC Details
13	Research	https://github.com/SpycioKon/CVE-2023-41425	POC Details
14	Wonder CMS v3.2.0 - v3.4.2 XSS to RCE exploit	https://github.com/xpltive/CVE-2023-41425	POC Details
15	None	https://github.com/samu21req/CVE-2023-41425	POC Details
16	None	https://github.com/KGorbakon/CVE-2023-41425	POC Details
17	WonderCMS RCE CVE-2023-41425	https://github.com/Twappz/CVE-2023-41425	POC Details
18	WonderCMS v3.4.2 NSE Discovery Script	https://github.com/becrevex/CVE-2023-41425	POC Details
19	Automates creation and hosting of a JavaScript XSS payload to install a malicious theme module, triggering a reverse shell via Remote Code Execution in WonderCMS. This tool uses PentestMonkey's PHP reverse shell script as the payload	https://github.com/Tea-On/CVE-2023-41425-RCE-WonderCMS-4.3.2	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-41425

请登录查看更多情报信息。

Same Patch Batch · n/a · 2023-11-07 · 22 CVEs total

CVE-2023-4154	7.5 HIGH	Samba: ad dc password exposure to privileged users and rodcs
CVE-2023-43984		PrestaShop Advanced Export Products Orders Cron CSV Excel 安全漏洞
CVE-2023-47456		Tenda AX1806 安全漏洞
CVE-2023-47455		Tenda AX1806 安全漏洞
CVE-2023-47360		VideoLAN VLC media player 安全漏洞
CVE-2023-47359		VideoLAN VLC media player 安全漏洞
CVE-2023-47102		UrBackup 安全漏洞
CVE-2023-46998		BootBox Bootbox.js 安全漏洞
CVE-2023-46501		BoltWire 安全漏洞
CVE-2023-46001		GPAC 安全漏洞
CVE-2023-45380		PrestaShop Order Duplicator 安全漏洞
CVE-2021-43419		Opay Mobile application 安全漏洞
CVE-2023-43886		Tenda RX9 Pro 安全漏洞
CVE-2023-43885		Tenda RX9 Pro 安全漏洞
CVE-2023-42361		Atlassian JIRA Server和JIRA Data Center 安全漏洞
CVE-2023-42284		Tyk Gateway 安全漏洞
CVE-2023-42283		Tyk Gateway 安全漏洞
CVE-2023-33481		Saad Irfan RemoteClinic 安全漏洞
CVE-2023-33480		Saad Irfan RemoteClinic 安全漏洞
CVE-2023-33479		Saad Irfan RemoteClinic 安全漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2023-41425

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-41425

I. Basic Information for CVE-2023-41425

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2023-41425

III. Intelligence Information for CVE-2023-41425

Same Patch Batch · n/a · 2023-11-07 · 22 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-41425

Leave a comment