PHPGurukul Employee Leaves Management System changepassword.php weak password
CVE-2023-0641

9.1 CRITICAL

Key Information:

Vendor: PHPGurukul
CVE Published: 2 February 2023

What is CVE-2023-0641?

A vulnerability exists in the Employee Leaves Management System 1.0 developed by PHPGurukul, specifically in the changepassword.php file. This flaw allows an attacker to manipulate the values of the newpassword and confirmpassword arguments, leading to a weak password implementation. Although the complexity of executing an attack is high, the risk is exacerbated because the vulnerability has been publicly disclosed. Attackers could potentially exploit this weakness remotely, which highlights the importance of strong password enforcement in applications.

Affected Version(s)

Employee Leaves Management System 1.0

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Affan (VulDB User)