SourceCodester Music Gallery Site POST Request Users.php access control
CVE-2023-0963

7.3HIGH

Key Information:

Vendor
Sourcecodester
Status
Music Gallery Site
Vendor
CVE Published:
22 February 2023

Summary

A serious access control vulnerability exists in the Music Gallery Site version 1.0 by SourceCodester. This issue arises from inadequate processing within the Users.php file of the POST Request Handler, allowing attackers to manipulate access permissions improperly. As the exploit may be remotely initiated, it poses a significant security risk. This vulnerability has been publicly disclosed and could potentially be maliciously leveraged, highlighting the urgent need for remediation.

Affected Version(s)

Music Gallery Site 1.0

References

https://vuldb.com/?id.221633
vdb-entry
https://vuldb.com/?ctiid.221633
signaturepermissions-required
https://github.com/navaidzansari/CVE_Demo/blob/main/2023/...
exploit

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

navaidansari (VulDB User)
.