← back
CVE-2023-0916

SourceCodester Auto Dealer Management System Users.php access control

CVSS 6.3 MEDIUMEPSS 3.1%CWE-284
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
SourceCodester · Auto Dealer Management System
public PoCs found2
cve_referencegithub.com/navaidzansari/CVE_Demo/blob/main/2023/Auto%20Dealer%20Management%20System%20-%20Broken%20Access%20Control.mdunverifiedexploitdbwww.exploit-db.com/exploits/51281unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Auto%20Dealer%20Management%20System%20-%20Broken%20Access%20Control.mdhttps://vuldb.com/?ctiid.221491https://vuldb.com/?id.221491