CVE-2023-46449

EUVD-2023-50665
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
mayurikinventory_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/sajaljat/CVE-2023-46449/tree/main
https://www.youtube.com/watch?v=H5QnsOKjs3s
https://github.com/sajaljat/CVE-2023-46449/tree/main
https://www.youtube.com/watch?v=H5QnsOKjs3s