CVE-2023-0963

SourceCodester Music Gallery Site POST Request Users.php access control

CVSS 7.3 HIGHEPSS 4.7%CWE-284

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Produtos afetados

SourceCodester · Music Gallery Site

PoCs públicas encontradas — 2

cve_referencegithub.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20Broken%20Access%20Control.mdnão verificado exploitdbwww.exploit-db.com/exploits/51289não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20Broken%20Access%20Control.md https://vuldb.com/?ctiid.221633 https://vuldb.com/?id.221633