Summaryinfo

A vulnerability classified as critical was found in XiaoBingby TeaCMS 2.3.3. This affects an unknown function. Executing a manipulation of the argument id/keywords can lead to access control. This vulnerability is registered as CVE-2023-27091. No exploit is available. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability was found in XiaoBingby TeaCMS 2.3.3. It has been declared as critical. This vulnerability affects an unknown function. The manipulation of the argument id/keywords with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).

The weakness was published 04/05/2023. The advisory is shared for download at gitee.com. This vulnerability was named CVE-2023-27091 since 02/27/2023. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1068.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-30878). Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• XiaoBingby

Name

• TeaCMS

Version

• 2.3.3

Website

• Product: https://gitee.com/xiaobingby/TeaCMS/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion