SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication
CVE-2023-0905

7.5HIGH

Key Information:

Vendor
SourceCodester
Status
Employee Task Management System
Vendor
CVE Published:
18 February 2023

Summary

A vulnerability exists in the Employee Task Management System developed by SourceCodester, specifically within the functionality around changing employee passwords in the changePasswordForEmployee.php file. This flaw allows attackers to bypass authentication mechanisms, potentially leading to unauthorized access to sensitive employee data. The vulnerability can be exploited remotely, making it critical for organizations using this system to apply appropriate security measures to mitigate the risk. The details regarding this vulnerability have been publicly disclosed, raising concerns for those utilizing the affected versions of the software.

Affected Version(s)

Employee Task Management System 1.0

References

https://vuldb.com/?id.221454
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221454
signaturepermissions-required
https://github.com/navaidzansari/CVE_Demo/blob/main/2023/...
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

navaidansari (VulDB User)
.