Vulnerability Description
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Szjocat | Facial Love Cloud Platform | <= 1.0.55.0.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/gatsby2003/Shenzhen-Youkate-Industrial-Co.-Ltd/blob/main/ShenThird Party Advisory
- https://vuldb.com/?ctiid.245061Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.245061Third Party Advisory
- https://github.com/gatsby2003/Shenzhen-Youkate-Industrial-Co.-Ltd/blob/main/ShenThird Party Advisory
- https://vuldb.com/?ctiid.245061Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.245061Third Party Advisory
FAQ
What is CVE-2023-6099?
CVE-2023-6099 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of th...
How severe is CVE-2023-6099?
CVE-2023-6099 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6099?
Check the references section above for vendor advisories and patch information. Affected products include: Szjocat Facial Love Cloud Platform.