PT-2023-17002 · Sourcecodester · Sourcecodester Medicine Tracker System
Wwesleywww
·
Published
2023-03-17
·
Updated
2024-05-17
·
CVE-2023-1464
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Medicine Tracker System version 1.0
Description
A critical issue was found in the system, affecting an unknown part of the file Users.php?f=save user. The manipulation of the arguments
firstname, middlename, lastname, username, and password leads to improper authentication. It is possible to initiate the attack remotely.Recommendations
For version 1.0, consider disabling the
save user function in the Users.php file until a patch is available. Restrict access to the Users.php?f=save user endpoint to minimize the risk of exploitation. Avoid using the parameters firstname, middlename, lastname, username, and password in the affected endpoint until the issue is resolved.Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Medicine Tracker System