Vulnerability Details CVE-2023-45503
SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.4%
CVSS Severity
CVSS v3 Score 5.3
References
- https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing
- https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file
- https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing
- https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file
Products affected by CVE-2023-45503
-
cpe:2.3:a:macs_cms_project:macs_cms:1.1.4f