CVE-2023-37759

Опубликовано: 08 сент. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.

Ссылки

https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
Product
https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html
Exploit
Third Party Advisory
VDB Entry
https://tregix.com/
Not Applicable
https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
Product
https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html
Exploit
Third Party Advisory
VDB Entry
https://tregix.com/
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendylogics:crypto_currency_tracker:*:*:*:*:*:*:*:*

Версия до 9.5 (включая)

EPSS

Процентиль: 87%

0.03462

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

CWE-284

Связанные уязвимости

GHSA-hrxx-273v-pgj4