PT-2023-32769 · Unknown · Amazing Little Poll

David Utón Amaya

Publicado

2023-12-13

Atualizado

2023-12-22

CVE-2023-6768

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Amazing Little Poll versions 1.3 through 1.4

Description The issue allows an unauthenticated user to access the admin panel without providing any credentials by accessing the "lp admin.php?adminstep=" parameter. This could enable unauthorized access to sensitive areas of the application.

Recommendations For versions 1.3 and 1.4, consider restricting access to the "lp admin.php?adminstep=" parameter until a patch is available. As a temporary workaround, avoid using the adminstep parameter in the "lp admin.php" endpoint to minimize the risk of exploitation.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2023-6768

Produtos afetados

Amazing Little Poll

PT-2023-32769 · Unknown · Amazing Little Poll

CVE-2023-6768

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7