CVE-2023-40173

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fobybus:social-media-skeleton:*:*:*:*:*:*:*:*

History

23 Aug 2023, 19:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Fobybus
Fobybus social-media-skeleton
CPE cpe:2.3:a:fobybus:social-media-skeleton:*:*:*:*:*:*:*:*
References (MISC) https://github.com/fobybus/social-media-skeleton/commit/344d798e82d6cc39844962c6d3cb2560f5907848 - (MISC) https://github.com/fobybus/social-media-skeleton/commit/344d798e82d6cc39844962c6d3cb2560f5907848 - Patch
References (MISC) https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-rfmv-7m7g-v628 - (MISC) https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-rfmv-7m7g-v628 - Third Party Advisory
References (MISC) https://github.com/fobybus/social-media-skeleton/commit/df31da44ffed3ea065cbbadc3c8052d0d489a2ef - (MISC) https://github.com/fobybus/social-media-skeleton/commit/df31da44ffed3ea065cbbadc3c8052d0d489a2ef - Patch

18 Aug 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-18 22:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-40173

Mitre link : CVE-2023-40173

CVE.ORG link : CVE-2023-40173


JSON object : View

Products Affected

fobybus

  • social-media-skeleton
CWE
CWE-522

Insufficiently Protected Credentials