CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3305

A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.1%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 7.5

References

https://github.com/sleepyvv/vul_report/blob/main/C-data/BrokenAccessControl.md
https://vuldb.com/?ctiid.231801
https://vuldb.com/?id.231801
https://github.com/sleepyvv/vul_report/blob/main/C-data/BrokenAccessControl.md
https://vuldb.com/?ctiid.231801
https://vuldb.com/?id.231801

Products affected by CVE-2023-3305

Cdatatec » Web Management System » Version: N/A

cpe:2.3:a:cdatatec:web_management_system:-
Cdatatec » Web Management System » Version: 20230607

cpe:2.3:a:cdatatec:web_management_system:20230607

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3305

Products

Pricing

Contact Us