Incorrect Access Control Vulnerability in Sourcecodester Online Computer and Laptop Store
CVE-2023-31704

9.8CRITICAL

Key Information:

Vendor: Oretnom23
Status: Online Computer And Laptop Store
Vendor: CVE Published:; 13 July 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-31704?

The Online Computer and Laptop Store version 1.0 developed by Sourcecodester is susceptible to an Incorrect Access Control vulnerability. This flaw allows remote attackers to manipulate access rights, enabling them to escalate their privileges to that of an administrator. Exploiting this vulnerability poses significant risks, as it could allow unauthorized access to sensitive system functionalities and data.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-31704
Created by d34dun1c02n

References

https://www.sourcecodester.com/php/16397/online-computer-...

https://github.com/d34dun1c02n/CVE-2023-31704

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 13, 2023
👾
Exploit known to exist
Jul 13, 2023
Vulnerability published
Jul 13, 2023
Vulnerability Reserved
Apr 29, 2023

Oretnom23

Badges

What is CVE-2023-31704?

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline