CVE-2023-38872
 
- Severity Score: 3.7 (CVSS v3.1)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild (KEV): -
- Decision (SSVC): Track*
Descriptions
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access the cash book entry attachments of any other user, provided they know the ID of the attachment.
Credits: N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-25 CVE Reserved
- 2023-09-28 CVE Published
- 2024-09-23 CVE Updated
- 2024-09-23 First Exploit
- 2024-10-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (3)
URL | Tag | Source
---|---|---
https://github.com/gugoan/economizzer | Product |
https://www.economizzer.org | Product |

URL | Date | SRC
---|---|---
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38872 | 2024-09-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Economizzer | Economizzer | 0.9 | beta1, wordpress | Affected
Economizzer | Economizzer | april_2023 | wordpress | Affected