PT-2023-31033 · Unknown · Ltb Self Service Password

Gianluca Palma

Publicado

2023-12-20

Atualizado

2024-01-02

CVE-2023-49032

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LTB Self Service Password versions prior to 1.5.4

Description The issue allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to an arbitrary phone.

Recommendations For versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMS verification code function until a patch is available.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2023-49032

Produtos afetados

Ltb Self Service Password

PT-2023-31033 · Unknown · Ltb Self Service Password

CVE-2023-49032

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5