Vulnerability Description
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fobybus | Social-Media-Skeleton | < 1.0.5 |
Related Weaknesses (CWE)
References
- https://github.com/fobybus/social-media-skeleton/commit/344d798e82d6cc39844962c6Patch
- https://github.com/fobybus/social-media-skeleton/commit/df31da44ffed3ea065cbbadcPatch
- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-rfmv-7Third Party Advisory
- https://github.com/fobybus/social-media-skeleton/commit/344d798e82d6cc39844962c6Patch
- https://github.com/fobybus/social-media-skeleton/commit/df31da44ffed3ea065cbbadcPatch
- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-rfmv-7Third Party Advisory
FAQ
What is CVE-2023-40173?
CVE-2023-40173 is a vulnerability with a CVSS score of 7.5 (HIGH). Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords l...
How severe is CVE-2023-40173?
CVE-2023-40173 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-40173?
Check the references section above for vendor advisories and patch information. Affected products include: Fobybus Social-Media-Skeleton.