CVE-2023-46449

{"id": "CVE-2023-46449", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-26T15:15:09.257", "references": [{"url": "https://github.com/sajaljat/CVE-2023-46449/tree/main", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=H5QnsOKjs3s", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function."}, {"lang": "es", "value": "El sistema de gesti\u00f3n de inventario Gratuito y de C\u00f3digo Abierto Sourcecodester v1.0 es vulnerable a un control de acceso incorrecto. Un usuario arbitrario puede cambiar la contrase\u00f1a de otro usuario y hacerse cargo de la cuenta a trav\u00e9s de IDOR en la funci\u00f3n de cambio de contrase\u00f1a."}], "lastModified": "2023-10-30T15:55:58.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92A0265A-E1A5-4424-8D30-EC76231AEE53"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}