PT-2023-29299 · Moosocial · Moosocial

Ahrixia

Published

2023-10-09

Updated

2023-10-11

CVE-2023-44811

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MooSocial version 3.1.8

Description A Cross Site Request Forgery (CSRF) issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. This can be exploited to gain unauthorized access to sensitive data.

Recommendations For MooSocial version 3.1.8, update to a version that includes a fix for this issue, as using the admin Password Change Function may allow remote attackers to execute arbitrary code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2023-44811

Affected Products

Moosocial

PT-2023-29299 · Moosocial · Moosocial

CVE-2023-44811

Weakness Enumeration

Related Identifiers

Affected Products

References · 4