{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-43154", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-09-26T20:22:13.232312", "dateReserved": "2023-09-18T00:00:00", "datePublished": "2023-09-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-26T20:22:13.232312"}, "descriptions": [{"lang": "en", "value": "In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in \"isValidLogin()\" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ally-petitt/macs-cms-auth-bypass"}, {"url": "https://cxsecurity.com/issue/WLB-2023090075"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:macs_cms_project:macs_cms:1.1.4f:*:*:*:*:*:*:*", "matchCriteriaId": "98B08F9C-C783-4DD6-B23E-5F12488A8DB2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in \"isValidLogin()\" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account."}, {"lang": "es", "value": "En Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, la comparaci\u00f3n vaga en la funci\u00f3n \"isValidLogin()\" durante el intento de inicio de sesi\u00f3n da como resultado una vulnerabilidad de confusi\u00f3n de tipo PHP que conduce a la omisi\u00f3n de autenticaci\u00f3n y la toma de control de la cuenta de administrador."}], "id": "CVE-2023-43154", "lastModified": "2023-10-02T16:51:34.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T15:19:33.323", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cxsecurity.com/issue/WLB-2023090075"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/ally-petitt/macs-cms-auth-bypass"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}