CVE-2023-3066 – Mobatime mobile application - Broken authorisation
https://notcve.org/view.php?id=CVE-2023-3066
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administrators. This issue affects Mobatime mobile application AMXGT100 through 1.3.20. • https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html • CWE-639: Authorization Bypass Through User-Controlled Key • CWE-863: Incorrect Authorization
CVE-2023-3065 – Mobatime mobile application - Authentication bypass
https://notcve.org/view.php?id=CVE-2023-3065
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass. This issue affects Mobatime mobile application AMXGT100 through 1.3.20. • https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html • CWE-287: Improper Authentication
CVE-2023-3064 – Mobatime mobile application - Sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-3064
An anonymous user may get the list of existing users managed by the application, which could ease further attacks (see CVE-2023-3065 and 3066). This issue affects Mobatime mobile application AMXGT100 through 1.3.20. • https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-922: Insecure Storage of Sensitive Information
CVE-2023-3033 – Mobatime web application - broken authorisation mechanisms
https://notcve.org/view.php?id=CVE-2023-3033
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobatime web application through 06.7.22. • https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3033.html • CWE-863: Incorrect Authorization
CVE-2023-3032 – Mobatime web application - Arbitrary file upload (RCE)
https://notcve.org/view.php?id=CVE-2023-3032
Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server. This issue affects Mobatime web application through 06.7.22. • https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3032.html • CWE-434: Unrestricted Upload of File with Dangerous Type