PT-2023-32513 · Shenzhen Youkate Industrial · Shenzhen Youkate Industrial Facial Love Cloud Payment System

Gatsby · Published 2023-11-13 · Updated 2024-05-17 · CVE-2023-6099

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Shenzhen Youkate Industrial Facial Love Cloud Payment System versions up to 1.0.55.0.0.1

Description

A critical vulnerability has been found in the Shenzhen Youkate Industrial Facial Love Cloud Payment System. This issue affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the operatorRole argument with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely.

Recommendations

For Shenzhen Youkate Industrial Facial Love Cloud Payment System versions up to 1.0.55.0.0.1, as a temporary workaround, consider restricting access to the /SystemMng.ashx file until a patch is available. Additionally, avoid using the operatorRole argument with the input 00 in the affected component Account Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
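
An added example (not part of the original advisory or the vendor's code) for checking that the access restriction above is holding: it audits web access logs for requests to /SystemMng.ashx from hosts outside an allow-list and flags any logged query string carrying operatorRole=00. The IIS W3C log format, the trusted-host list and the sample lines are assumptions; the page does not state the web server or how the argument is transmitted.

```python
"""Added example: audit IIS W3C access logs for requests to /SystemMng.ashx."""
from urllib.parse import parse_qs

HANDLER = "/systemmng.ashx"   # path named in the advisory, compared case-insensitively
TRUSTED = {"10.0.0.5"}        # assumption: hosts still allowed through the workaround

# Constructed sample log (not real traffic), assumed W3C extended format.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-05-17 08:01:12 10.0.0.5 POST /SystemMng.ashx - 200
2024-05-17 08:03:40 203.0.113.7 POST /SystemMng.ashx - 200
2024-05-17 08:03:41 203.0.113.7 GET /SystemMng.ashx operatorRole=00&x=1 200
2024-05-17 08:04:02 198.51.100.9 GET /index.aspx - 200
"""

def parse_w3c(text):
    """Yield one dict per entry, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def audit(text, trusted=TRUSTED):
    """Return (timestamp, client_ip, reasons) for each handler request worth review."""
    findings = []
    for e in parse_w3c(text):
        if e.get("cs-uri-stem", "").lower() != HANDLER:
            continue
        reasons = []
        # Request bodies are not written to the access log, so a POST can carry
        # the argument invisibly: every hit from an untrusted host is flagged.
        if e.get("c-ip") not in trusted:
            reasons.append("untrusted-source")
        query = e.get("cs-uri-query", "-")
        params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
        if "00" in params.get("operatorrole", []):
            reasons.append("operatorRole=00")
        if reasons:
            findings.append((f"{e.get('date')} {e.get('time')}", e.get("c-ip"), reasons))
    return findings

if __name__ == "__main__":
    for ts, ip, reasons in audit(SAMPLE_LOG):
        print(ts, ip, ",".join(reasons))
```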

Exploit

Improper Privilege Management


Weakness Enumeration

Related Identifiers

CVE-2023-6099

Affected Products

Shenzhen Youkate Industrial Facial Love Cloud Payment System