// For flags

CVE-2023-38872

 

Severity Score

3.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.

Una vulnerabilidad de Referencia Directa de Objetos Inseguros (IDOR) en el commit 3730880 de gugoan Economizzer (abril de 2023) y v.0.9-beta1 permite a cualquier atacante no autenticado acceder a archivos adjuntos de asientos en el cash book de cualquier otro usuario, si conoce el ID del archivo adjunto.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-07-25 CVE Reserved
  • 2023-09-28 CVE Published
  • 2024-09-23 CVE Updated
  • 2024-09-23 First Exploit
  • 2024-10-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Economizzer
Search vendor "Economizzer"
Economizzer
Search vendor "Economizzer" for product "Economizzer"
0.9
Search vendor "Economizzer" for product "Economizzer" and version "0.9"
beta1, wordpress
Affected
Economizzer
Search vendor "Economizzer"
Economizzer
Search vendor "Economizzer" for product "Economizzer"
april_2023
Search vendor "Economizzer" for product "Economizzer" and version "april_2023"
wordpress
Affected