PT-2023-28721 · Macrob7 · Macrob7 Macs Framework Content Management System
Ally Petitt · Published 2023-09-26 · Updated 2023-10-02 · CVE-2023-43154
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Macrob7 Macs Framework Content Management System (CMS) version 1.1.4f
Description
The issue is a PHP type confusion vulnerability caused by a loose comparison in the isValidLogin() function during a login attempt. It can lead to authentication bypass and takeover of the administrator account.
Recommendations
For Macrob7 Macs Framework Content Management System (CMS) version 1.1.4f, consider disabling the isValidLogin() function until a patch is available to prevent potential exploitation. Restrict access to the login functionality to minimize the risk of authentication bypass.
Fix
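The weakness class the description names, shown as an added example that is not Macrob7's code and does not reproduce the CMS's own isValidLogin(): a hypothetical login check built on a loose `==` comparison beside a hardened version that rejects non-string input and verifies with password_verify(). The user store, the function names isValidLoginLoose and isValidLoginStrict, and a PHP 8 runtime are assumptions.

```php
<?php
// Added illustration (not the project's code): why a loose comparison in a
// login check is a type confusion risk, and how a strict check closes it.

// Constructed user store. The plaintext field exists only so the loose
// comparison can be isolated; the hash field is what the strict check uses.
$users = [
    'admin' => [
        'plain' => 'correct horse battery staple',
        'hash'  => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
    ],
];

// Dummy hash verified for unknown users so both branches do similar work.
$dummyHash = password_hash('dummy', PASSWORD_DEFAULT);

// Vulnerable pattern: '==' applies PHP type juggling. If the credential
// arrives from a source that can yield a non-string (e.g. a JSON body),
// a boolean or integer is compared loosely against the stored string.
function isValidLoginLoose(array $users, string $user, mixed $password): bool
{
    if (!isset($users[$user])) {
        return false;
    }
    return $users[$user]['plain'] == $password; // loose comparison
}

// Hardened pattern: enforce the expected types before any comparison, then
// let password_verify() do a constant-time check against the stored hash.
function isValidLoginStrict(array $users, string $dummyHash, mixed $user, mixed $password): bool
{
    if (!is_string($user) || !is_string($password)) {
        return false; // wrong type: never reach a comparison at all
    }
    if (!isset($users[$user])) {
        password_verify($password, $dummyHash); // keep timing similar
        return false;
    }
    return password_verify($password, $users[$user]['hash']);
}

// Constructed login attempts: a correct password, a password field that was
// decoded from JSON as a boolean rather than a string, and a wrong password.
$attempts = [
    ['user' => 'admin', 'password' => 'correct horse battery staple'],
    ['user' => 'admin', 'password' => json_decode('true')],
    ['user' => 'admin', 'password' => 'wrong'],
];

foreach ($attempts as $a) {
    printf(
        "password type=%-7s loose=%-5s strict=%s\n",
        gettype($a['password']),
        var_export(isValidLoginLoose($users, $a['user'], $a['password']), true),
        var_export(isValidLoginStrict($users, $dummyHash, $a['user'], $a['password']), true)
    );
}
```

Run with `php example.php`. The middle attempt is the one to watch: the loose check accepts a boolean because PHP compares a non-empty string to `true` by converting both sides to bool, while the strict check refuses it before any comparison happens. The type guard is the fix for the weakness itself; password_verify() additionally replaces plaintext storage and string equality with a salted hash and a constant-time comparison.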
Weakness Enumeration
Type Confusion
Related Identifiers
Affected Products
Macrob7 Macs Framework Content Management System