PT-2023-7880 · Kaifa Technology · Webitr

Cyku · Published 2023-12-15 · Updated 2024-10-14 · CVE-2023-48392

CVSS v2.0: 10.0 Critical
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Kaifa Technology WebITR (affected versions not specified)
Description: The WebITR online attendance system protects its login token parameter with an encryption key that is hard-coded in the software. Because the key ships with the product rather than being generated per installation, an unauthenticated remote attacker who extracts it can generate a valid token for any account, including the administrator's, and log in as that user without knowing the password. The attacker then acts with that account's permissions and can read the information available to it; with the administrator's account this amounts to a full privilege escalation.
Recommendations: At the time of writing, no information is available about a newer version that contains a fix for this vulnerability. Since the key is embedded in the vendor's code, operators cannot rotate it themselves; until a fix is available, limit network access to the WebITR login interface to trusted networks and review authentication logs for administrator logins from unexpected sources.
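To make the weakness class concrete, the following added example (not WebITR's code, and not published by Kaifa Technology or the advisory authors) contrasts a token scheme keyed by a constant shipped in the application with a hardened design. The token format, the key value, the environment variable name WEBITR_TOKEN_KEY mentioned in the comments, the account names and the passwords are all constructed assumptions; an HMAC stands in for the page's "encryption key" because the flaw is identical either way: the key is the only secret, and it ships with the product.

```python
"""Hard-coded-key token forgery versus a per-deployment, server-side session.

Constructed illustration of the CWE-798 weakness class. Nothing here is
WebITR's real token format or key; all names and values are assumptions.
"""
import hashlib
import hmac
import secrets
import time

# --- Vulnerable design -------------------------------------------------
# The key is a constant in the shipped code, so every installation uses the
# same secret and anyone who extracts it from the product can mint tokens.
HARDCODED_KEY = b"constructed-example-key-do-not-reuse"  # hypothetical constant


def vulnerable_issue_token(username: str, key: bytes = HARDCODED_KEY) -> str:
    """Token = <username>:<MAC over username>. No expiry, no randomness."""
    mac = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}:{mac}"


def vulnerable_verify_token(token: str, key: bytes = HARDCODED_KEY):
    """Return the username the server will trust, or None on a bad MAC."""
    username, sep, mac = token.rpartition(":")
    if not sep:
        return None
    expected = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return username if hmac.compare_digest(mac, expected) else None


def attacker_forges_token(target_user: str) -> str:
    """The attacker holds the same constant key, so forging equals issuing."""
    return vulnerable_issue_token(target_user, HARDCODED_KEY)


# --- Hardened design ---------------------------------------------------
# 1. Any signing/encryption key must be generated per deployment at install
#    time and loaded from outside the code (e.g. a hypothetical
#    WEBITR_TOKEN_KEY environment variable or a secrets store).
# 2. Better still, do not carry identity in the token at all: after real
#    credential verification, hand out an opaque random session id that only
#    the server can map back to a user, and expire it.

class SessionStore:
    """Opaque random session ids; the server, not the client, holds identity."""

    def __init__(self, credentials: dict, ttl_seconds: int = 3600):
        # credentials: username -> (salt, PBKDF2 hash); constructed sample data
        self._creds = credentials
        self._sessions = {}  # sid -> (username, expiry timestamp)
        self._ttl = ttl_seconds

    @staticmethod
    def hash_password(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, username: str, password: str):
        """Return a fresh session id only if the password verifies."""
        rec = self._creds.get(username)
        if rec is None:
            return None
        salt, stored = rec
        if not hmac.compare_digest(self.hash_password(password, salt), stored):
            return None
        sid = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output: unguessable
        self._sessions[sid] = (username, time.time() + self._ttl)
        return sid

    def resolve(self, sid: str):
        """Map a presented session id back to a user, honouring expiry."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, expiry = entry
        if time.time() > expiry:
            del self._sessions[sid]
            return None
        return username


def build_sample_store() -> SessionStore:
    """Constructed account for the demo; the password is a sample value."""
    salt = secrets.token_bytes(16)
    creds = {
        "admin": (salt, SessionStore.hash_password("correct horse battery", salt)),
    }
    return SessionStore(creds)


if __name__ == "__main__":
    # Vulnerable: the attacker mints an admin token without any credential.
    forged = attacker_forges_token("admin")
    print("vulnerable server trusts forged token as:", vulnerable_verify_token(forged))

    # Hardened: no password, no session; a guessed session id resolves to nobody.
    store = build_sample_store()
    print("login with wrong password:", store.login("admin", "guess"))
    sid = store.login("admin", "correct horse battery")
    print("resolve real sid:", store.resolve(sid))
    print("resolve guessed sid:", store.resolve(secrets.token_urlsafe(32)))
```

Note that the vulnerable verifier is otherwise sound (constant-time comparison, MAC actually checked): the forgery succeeds purely because the attacker and the server share a key that was never secret. If a stateless signed token is required instead of a session store, the same per-deployment key rule applies, and the token should additionally carry an issue time and expiry so a leaked key cannot be used indefinitely.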

Weakness Enumeration

Using Hardcoded Credentials (CWE-798: Use of Hard-coded Credentials)

Related Identifiers

BDU:2023-08951
CVE-2023-48392

Affected Products

Webitr