CVE-2023-43154
 
- Severity Score: 9.8 (CVSS v3.1)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Attend (SSVC)
Descriptions
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, a loose comparison in the "isValidLogin()" function during a login attempt results in a PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
*Credits:
N/A
SSVC
- Decision: Attend
Timeline
- 2023-09-18 CVE Reserved
- 2023-09-22 First Exploit
- 2023-09-26 CVE Published
- 2024-09-24 CVE Updated
- 2024-10-28 EPSS Updated
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
References (3)
URL | Tag | Source |
---|---|---|
https://cxsecurity.com/issue/WLB-2023090075 | Third Party Advisory | |
https://github.com/ally-petitt/macs-cms-auth-bypass | Product | |

URL | Date | SRC |
---|---|---|
https://github.com/ally-petitt/CVE-2023-43154-PoC | 2023-09-22 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Macs Cms Project | Macs Cms | 1.1.4f | - | Affected |