CVE-2023-49978

Опубликовано: 21 мар. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 7.2

EPSS Низкий

Описание

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.

Ссылки

https://github.com/geraldoalcantara/CVE-2023-49978
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
Product
https://github.com/geraldoalcantara/CVE-2023-49978
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oretnom23:customer_support_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00389

Низкий

8.8 High

CVSS3

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-284

Связанные уязвимости

GHSA-37p6-2h72-m598

CVSS3: 7.2

github

почти 2 года назад

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.

EPSS

Процентиль: 59%

0.00389

Низкий

8.8 High

CVSS3

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-284