CVE-2023-0785 — LOW (3.7) — White Hats Nepal

Vulnerability Description

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mayurik	Best Online News Portal	1.0

Related Weaknesses (CWE)

CWE-202

References

https://vuldb.com/?ctiid.220645Permissions RequiredThird Party Advisory
https://vuldb.com/?id.220645Third Party Advisory
https://youtu.be/n_BfBlsUIN8Exploit
https://vuldb.com/?ctiid.220645Permissions RequiredThird Party Advisory
https://vuldb.com/?id.220645Third Party Advisory
https://youtu.be/n_BfBlsUIN8Exploit

FAQ

What is CVE-2023-0785?

CVE-2023-0785 is a vulnerability with a CVSS score of 3.7 (LOW). A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The ma...

How severe is CVE-2023-0785?

CVE-2023-0785 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0785?

Check the references section above for vendor advisories and patch information. Affected products include: Mayurik Best Online News Portal.