SourceCodester Lost and Found Information System access control
CVE-2023-2670

8.8HIGH

Key Information:

Vendor
SourceCodester
Status
Lost and Found Information System
Vendor
CVE Published:
12 May 2023

Summary

A vulnerability in SourceCodester's Lost and Found Information System 1.0 allows for improper access controls, particularly within the file admin/?page=user/manage_user. This flaw can be exploited remotely, giving unauthorized individuals potential access to sensitive functionalities. As the details of this exploit have been disclosed to the public, it poses a significant risk if not addressed promptly.

Affected Version(s)

Lost and Found Information System 1.0

References

https://vuldb.com/?id.228886
vdb-entrytechnical-description
https://vuldb.com/?ctiid.228886
signature
https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

huutuanbg97 (VulDB User)
.