Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html | Exploit Third Party Advisory VDB Entry |
https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt | Exploit Third Party Advisory |
Configurations
History
13 Nov 2023, 14:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:* | |
First Time |
Oretnom23 lost And Found Information System
Oretnom23 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt - Exploit, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html - Exploit, Third Party Advisory, VDB Entry | |
CWE | CWE-639 |
03 Nov 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-03 05:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-38965
Mitre link : CVE-2023-38965
CVE.ORG link : CVE-2023-38965
JSON object : View
Products Affected
oretnom23
- lost_and_found_information_system
CWE
CWE-639
Authorization Bypass Through User-Controlled Key