SourceCodester Auto Dealer Management System Users.php access control
CVE-2023-0916

8.8HIGH

Key Information:

Vendor
SourceCodester
Status
Auto Dealer Management System
Vendor
CVE Published:
19 February 2023

Summary

A vulnerability has been identified in the SourceCodester Auto Dealer Management System version 1.0, specifically within the file /adms/classes/Users.php. This issue relates to improper access controls, allowing unauthorized access to sensitive functionalities of the application. An attacker can exploit this vulnerability remotely, which raises significant security concerns. The flaw has been publicly disclosed, emphasizing the urgency for users to address and mitigate the associated risks.

Affected Version(s)

Auto Dealer Management System 1.0

References

https://vuldb.com/?id.221491
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221491
signaturepermissions-required
https://github.com/navaidzansari/CVE_Demo/blob/main/2023/...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

navaidansari (VulDB User)
.