In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2023090075 | Third Party Advisory |
https://github.com/ally-petitt/macs-cms-auth-bypass | Product |
Configurations
History
02 Oct 2023, 16:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/ally-petitt/macs-cms-auth-bypass - Product | |
References | (MISC) https://cxsecurity.com/issue/WLB-2023090075 - Third Party Advisory | |
CWE | CWE-843 | |
CPE | cpe:2.3:a:macs_cms_project:macs_cms:1.1.4f:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Macs Cms Project
Macs Cms Project macs Cms |
27 Sep 2023, 15:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-27 15:19
Updated : 2023-12-10 15:14
NVD link : CVE-2023-43154
Mitre link : CVE-2023-43154
CVE.ORG link : CVE-2023-43154
JSON object : View
Products Affected
macs_cms_project
- macs_cms
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')