PT-2023-25179 · Dataease · Dataease

Hbdxmz

·

Publicado

2023-06-26

·

Atualizado

2023-07-05

·

CVE-2023-35168

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 1.18.8
Description The issue allows ordinary users to bypass privileges and gain access to the user database, exposing sensitive information including md5 hashes of passwords, usernames, emails, and phone numbers.
Recommendations For versions prior to 1.18.8, upgrade to version 1.18.8 to resolve the issue. At the moment, there are no known workarounds for this vulnerability.

Exploit

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2023-35168
GHSA-C2R2-68P6-73XV

Produtos afetados

Dataease