Information Disclosure in Ocomon Product by Ninj4c0d3r
CVE-2023-33558

7.5HIGH

Key Information:

Vendor: Ocomon Project
Status: Ocomon
Vendor: CVE Published:; 26 October 2023

Summary

An information disclosure vulnerability exists in the users-grid-data.php component of Ocomon versions prior to 4.0.1. This flaw allows unauthorized attackers to extract sensitive information, such as email addresses and usernames, which could lead to further exploits or data breaches. It is essential for users to update their Ocomon installations to mitigate the risks associated with this vulnerability.

References

https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357...

https://github.com/ninj4c0d3r/OcoMon-Research

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
May 22, 2023