PT-2023-28829 · Unknown · Service Provider Management System

Samarth Dad · Published 2023-09-25 · Updated 2024-09-25 · CVE-2023-43457

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Service Provider Management System version 1.0

Description

An issue in the system allows a remote attacker to gain privileges via the ID parameter in the "/php-spms/admin/?page=user/" endpoint.

Recommendations

For version 1.0, consider disabling access to the "/php-spms/admin/?page=user/" endpoint until a patch is available. Restrict the use of the ID parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

Related identifiers

CVE-2023-43457

Affected products

Service Provider Management System