PT-2023-30730 · Unknown · Jorani Leave Management System

Published

2023-12-06

Updated

2023-12-11

CVE-2023-48205

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jorani Leave Management System version 1.0.2

Description The issue allows a remote attacker to spoof a Host header associated with password reset emails. This can potentially lead to unauthorized access or manipulation of user accounts.

Recommendations For Jorani Leave Management System version 1.0.2, consider restricting access to password reset functionality until a patch is available. As a temporary workaround, avoid using the password reset feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2023-48205

Affected Products

Jorani Leave Management System

PT-2023-30730 · Unknown · Jorani Leave Management System

CVE-2023-48205

Weakness Enumeration

Related Identifiers

Affected Products

References · 6