CVE-2023-4868

A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability.

CVSS v3 8.8 HIGH
CVSS v2.0 5.0 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://skypoc.wordpress.com/2023/09/05/vuln1/	Exploit Third Party Advisory
https://vuldb.com/?ctiid.239353	Permissions Required Third Party Advisory
https://vuldb.com/?id.239353	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:contact_manager_app_project:contact_manager_app:1.0:*:*:*:*:*:*:*

History

13 Sep 2023, 13:49

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~(MISC) https://vuldb.com/?ctiid.239353 -~~	(MISC) https://vuldb.com/?ctiid.239353 - Permissions Required, Third Party Advisory
References	~~(MISC) https://skypoc.wordpress.com/2023/09/05/vuln1/ -~~	(MISC) https://skypoc.wordpress.com/2023/09/05/vuln1/ - Exploit, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.239353 -~~	(MISC) https://vuldb.com/?id.239353 - Third Party Advisory
First Time		Contact Manager App Project contact Manager App Contact Manager App Project
CPE		cpe:2.3:a:contact_manager_app_project:contact_manager_app:1.0:::::::*

10 Sep 2023, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-10 01:15

Updated : 2024-05-17 02:31

NVD link : CVE-2023-4868

Mitre link : CVE-2023-4868

CVE.ORG link : CVE-2023-4868

JSON object : View

Products Affected

contact_manager_app_project

contact_manager_app

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2023-4868", "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-09-10T01:15:07.910", "references": [{"url": "https://skypoc.wordpress.com/2023/09/05/vuln1/", "tags": ["Exploit", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.239353", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.239353", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en la aplicaci\u00f3n SourceCodester Contact Manager 1.0. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo add.php. La manipulaci\u00f3n conduce a un Cross-Site Request Forgery (CSRF). El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado. El identificador VDB-239353 se asign\u00f3 a esta vulnerabilidad."}], "lastModified": "2024-05-17T02:31:50.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:contact_manager_app_project:contact_manager_app:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D9CD07E-449D-4B49-A833-6972FB29BBE1"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}