Description
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:*
EPSS
Percentile: 48%
0.0025
Low
CVSS3: 8.8 High
Weaknesses
CWE-732
Related vulnerabilities
CVSS3: 8.8
github
more than 2 years ago
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.