// For flags

CVE-2023-4183

SourceCodester Inventory Management System Password edit_update.php access control

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability.

Se ha encontrado una vulnerabilidad en SourceCodester Inventory Management System v1.0 y se ha clasificado como problemática. Esta vulnerabilidad afecta a código desconocido del archivo "edit_update.php" del componente "Password Handler". La manipulación del argumento "user_id" conduce a controles de acceso inadecuados. El ataque puede iniciarse de forma remota. VDB-236218 es el identificador asignado a esta vulnerabilidad.

In SourceCodester Inventory Management System 1.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei edit_update.php der Komponente Password Handler. Durch Manipulation des Arguments user_id mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen.

*Credits: mikel22
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-08-05 CVE Reserved
  • 2023-08-06 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-09-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
CAPEC
References (0)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Inventory Management System Project
Search vendor "Inventory Management System Project"
 Inventory Management System
Search vendor "Inventory Management System Project" for product "Inventory Management System"
 1.0
Search vendor "Inventory Management System Project" for product "Inventory Management System" and version "1.0"
-
Affected