Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html | Exploit Third Party Advisory VDB Entry |
https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-03T00:00:00
Updated: 2023-11-03T04:08:48.245759
Reserved: 2023-07-25T00:00:00
Link: CVE-2023-38965
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-03T05:15:29.400
Modified: 2023-11-13T14:46:29.883
Link: CVE-2023-38965
JSON object: View
Redhat Information
No data.
CWE