PT-2023-25179 · Dataease · Dataease

Hbdxmz

Published

2023-06-26

Updated

2023-07-05

CVE-2023-35168

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 1.18.8

Description The issue allows ordinary users to bypass privileges and gain access to the user database, exposing sensitive information including md5 hashes of passwords, usernames, emails, and phone numbers.

Recommendations For versions prior to 1.18.8, upgrade to version 1.18.8 to resolve the issue. At the moment, there are no known workarounds for this vulnerability.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2023-35168

GHSA-C2R2-68P6-73XV

Affected Products

Dataease

PT-2023-25179 · Dataease · Dataease

CVE-2023-35168

Weakness Enumeration

Related Identifiers

Affected Products

References · 5