Vulnerability Details CVE-2023-0959
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.6%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-0959
-
cpe:2.3:a:imaworldhealth:bhima:1.27.0