SourceCodester Earnings and Expense Tracker App index.php information disclosure
CVE-2023-1858

7.5HIGH

Key Information:

Vendor: SourceCodester
Status: Earnings and Expense Tracker App
Vendor: CVE Published:; 5 April 2023

Summary

The Earnings and Expense Tracker App by SourceCodester is vulnerable to a significant information disclosure issue that arises within the index.php file. This vulnerability is exploited through manipulation of the 'page' argument, which allows unauthorized access to sensitive information. The attack can be executed remotely, raising concerns about the security of user data and application integrity. It is crucial for users of this application to implement protective measures to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Earnings and Expense Tracker App 1.0

References

https://vuldb.com/?id.224997

vdb-entrytechnical-description

https://vuldb.com/?ctiid.224997

signature

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2023
Vulnerability Reserved
Apr 5, 2023

Credit

aallll (VulDB User)