PT-2023-25406 · Sourcecodester · Sourcecodester Best Pos Management System

Zhangguohu

Publicado

2023-07-10

Atualizado

2024-05-17

CVE-2023-3599

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Best Fee Management System version 1.0

Description A critical issue has been found, affecting the function save user of the file admin class.php in the component Add User Handler. This leads to improper access controls, allowing remote attacks. The exploit has been disclosed publicly.

Recommendations For SourceCodester Best Fee Management System version 1.0, consider disabling the save user function in the admin class.php file until a patch is available to prevent improper access controls. Restrict access to the Add User Handler component to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2023-3599

Produtos afetados

Sourcecodester Best Pos Management System

PT-2023-25406 · Sourcecodester · Sourcecodester Best Pos Management System

CVE-2023-3599

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7