CVE-2023-46449

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.
References
| Link | Resource |
|---|---|
| https://github.com/sajaljat/CVE-2023-46449/tree/main | Exploit, Third Party Advisory |
| https://www.youtube.com/watch?v=H5QnsOKjs3s | Exploit, Third Party Advisory |
Configurations

Configuration 1

cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:*

History

30 Oct 2023, 15:55

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:* |
| CWE | | CWE-732 |
| References | (MISC) https://www.youtube.com/watch?v=H5QnsOKjs3s - | (MISC) https://www.youtube.com/watch?v=H5QnsOKjs3s - Exploit, Third Party Advisory |
| References | (MISC) https://github.com/sajaljat/CVE-2023-46449/tree/main - | (MISC) https://github.com/sajaljat/CVE-2023-46449/tree/main - Exploit, Third Party Advisory |
| CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 8.8 |
| First Time | | Mayurik; Mayurik inventory Management System |

26 Oct 2023, 15:32

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2023-10-26 15:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-46449

Mitre link : CVE-2023-46449

CVE.ORG link : CVE-2023-46449


Products Affected

mayurik

  • inventory_management_system
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource