SourceCodester Take-Note App cross-site request forgery
CVE-2023-4865

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Take-Note App
Vendor
CVE Published:
9 September 2023

What is CVE-2023-4865?

A security vulnerability exists in SourceCodester's Take-Note App 1.0 that allows for cross-site request forgery (CSRF). By leveraging this flaw, attackers can perform unauthorized actions on behalf of legitimate users without their consent. The vulnerability affects unknown code segments within the application, making it susceptible to remote exploitation. Following the public disclosure of the vulnerability, it remains crucial for users to remain vigilant and ensure that security measures are in place.

Affected Version(s)

Take-Note App 1.0

References

https://vuldb.com/?id.239350
vdb-entrytechnical-description
https://vuldb.com/?ctiid.239350
signaturepermissions-required
https://skypoc.wordpress.com/2023/09/05/sourcecodester-ta...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

gikaku (VulDB User)
.