PHPGurukul Online Notes Sharing System signup.php weak password
CVE-2023-7053

8.8HIGH

Key Information:

Vendor
PHPGurukul
Status
Online Notes Sharing System
Vendor
CVE Published:
22 December 2023

Summary

A vulnerability exists in the PHPGurukul Online Notes Sharing System 1.0, specifically within the /user/signup.php file. This weakness allows for inadequate password requirements, making it susceptible to exploitation. Attackers can initiate remote attacks, taking advantage of this vulnerability to access unauthorized functions within the application. The technical complexity of launching an attack is notable, making the exploitation less straightforward, yet the potential implications highlight the need for immediate attention to strengthen password policies. Public disclosure of this vulnerability has raised awareness and underscores the urgency for users to implement security measures.

Affected Version(s)

Online Notes Sharing System 1.0

References

https://vuldb.com/?id.248740
vdb-entry
https://vuldb.com/?ctiid.248740
signaturepermissions-required
https://github.com/dhabaleshwar/Open-Source-Vulnerabiliti...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

dhabaleshwar (VulDB User)
.