PHPGurukul Employee Leaves Management System 1.0 changepassword.php newpassword/confirmpassword weak authentication

A vulnerability classified as problematic was found in PHPGurukul Employee Leaves Management System 1.0. An unknown function of the file changepassword.php is affected by this vulnerability. Manipulating the newpassword/confirmpassword parameter with an unknown input leads to a vulnerability of the weak authentication class. The advisory can be downloaded from github.com. The vulnerability is identified as CVE-2023-0641. The attack can be carried out over the network. Technical details are known. It has been declared as proof-of-concept. The exploit can be downloaded from github.com. A possible mitigation was published before, and not only after, the disclosure of the vulnerability.

| Field | 2023-02-02 09:21 | 2023-03-01 17:14 | 2023-03-01 17:21 |
| --- | --- | --- | --- |
| vendor | PHPGurukul | PHPGurukul | PHPGurukul |
| name | Employee Leaves Management System | Employee Leaves Management System | Employee Leaves Management System |
| version | 1.0 | 1.0 | 1.0 |
| file | changepassword.php | changepassword.php | changepassword.php |
| argument | newpassword/confirmpassword | newpassword/confirmpassword | newpassword/confirmpassword |
| cwe | 521 (weak authentication) | 521 (weak authentication) | 521 (weak authentication) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_e | P | P | P |
| cvss3_vuldb_rc | R | R | R |
| url | https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md | https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md | https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md |
| availability | 1 | 1 | 1 |
| publicity | 1 | 1 | 1 |
| url | https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md | https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md | https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md |
| cve | CVE-2023-0641 | CVE-2023-0641 | CVE-2023-0641 |
| responsible | VulDB | VulDB | VulDB |
| date | 1675292400 (2023-02-02) | 1675292400 (2023-02-02) | 1675292400 (2023-02-02) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_e | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_rl | X | X | X |
| cvss2_vuldb_basescore | 2.6 | 2.6 | 2.6 |
| cvss2_vuldb_tempscore | 2.2 | 2.2 | 2.2 |
| cvss3_vuldb_basescore | 3.7 | 3.7 | 3.7 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.7 | 3.7 | 5.5 |
| cvss3_meta_tempscore | 3.4 | 3.4 | 5.4 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1675292400 (2023-02-02) | 1675292400 (2023-02-02) |
| cve_nvd_summary | | A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | H |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | N |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | H |
| cvss3_cna_pr | | | N |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | L |
| cvss3_cna_i | | | N |
| cvss3_cna_a | | | N |
| cve_cna | | | VulDB |
| cvss2_nvd_basescore | | | 2.6 |
| cvss3_nvd_basescore | | | 9.1 |
| cvss3_cna_basescore | | | 3.7 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
