CVE-2023-46449 — HIGH (8.8)

Vulnerability Description

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mayurik	Inventory Management System	1.0

Related Weaknesses (CWE)

CWE-732

References

https://github.com/sajaljat/CVE-2023-46449/tree/mainExploitThird Party Advisory
https://www.youtube.com/watch?v=H5QnsOKjs3sExploitThird Party Advisory
https://github.com/sajaljat/CVE-2023-46449/tree/mainExploitThird Party Advisory
https://www.youtube.com/watch?v=H5QnsOKjs3sExploitThird Party Advisory

FAQ

What is CVE-2023-46449?

CVE-2023-46449 is a vulnerability with a CVSS score of 8.8 (HIGH). Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via I...

How severe is CVE-2023-46449?

CVE-2023-46449 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-46449?

Check the references section above for vendor advisories and patch information. Affected products include: Mayurik Inventory Management System.