exploitDog

CVE-2023-26987

Опубликовано: 01 мая 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.

Ссылки

https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw
Exploit
Third Party Advisory
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw/edit
Exploit
Third Party Advisory
https://github.com/redteambrasil/nuclei-templates
Not Applicable
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw
Exploit
Third Party Advisory
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw/edit
Exploit
Third Party Advisory
https://github.com/redteambrasil/nuclei-templates
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:konga_project:konga:0.14.9:-:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00091

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3q3f-6h94-9gg7

CVSS3: 6.5

github

почти 3 года назад

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.

EPSS

Процентиль: 26%

0.00091

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo