Vulnerability Details CVE-2023-45824
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.7%
CVSS Severity
CVSS v3 Score 4.3
References
- https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
- https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
- https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
- https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
Products affected by CVE-2023-45824
-
cpe:2.3:a:oroinc:oroplatform:4.2.0
-
cpe:2.3:a:oroinc:oroplatform:4.2.1
-
cpe:2.3:a:oroinc:oroplatform:4.2.10
-
cpe:2.3:a:oroinc:oroplatform:4.2.2
-
cpe:2.3:a:oroinc:oroplatform:4.2.3
-
cpe:2.3:a:oroinc:oroplatform:4.2.4
-
cpe:2.3:a:oroinc:oroplatform:4.2.5
-
cpe:2.3:a:oroinc:oroplatform:4.2.6
-
cpe:2.3:a:oroinc:oroplatform:4.2.7
-
cpe:2.3:a:oroinc:oroplatform:4.2.8
-
cpe:2.3:a:oroinc:oroplatform:4.2.9
-
cpe:2.3:a:oroinc:oroplatform:5.0.0
-
cpe:2.3:a:oroinc:oroplatform:5.0.1
-
cpe:2.3:a:oroinc:oroplatform:5.0.10
-
cpe:2.3:a:oroinc:oroplatform:5.0.11
-
cpe:2.3:a:oroinc:oroplatform:5.0.12
-
cpe:2.3:a:oroinc:oroplatform:5.0.2
-
cpe:2.3:a:oroinc:oroplatform:5.0.3
-
cpe:2.3:a:oroinc:oroplatform:5.0.4
-
cpe:2.3:a:oroinc:oroplatform:5.0.5
-
cpe:2.3:a:oroinc:oroplatform:5.0.6
-
cpe:2.3:a:oroinc:oroplatform:5.0.7
-
cpe:2.3:a:oroinc:oroplatform:5.0.8
-
cpe:2.3:a:oroinc:oroplatform:5.0.9
-
cpe:2.3:a:oroinc:oroplatform:5.1.0
-
cpe:2.3:a:oroinc:oroplatform:5.1.1
-
cpe:2.3:a:oroinc:oroplatform:5.1.2
-
cpe:2.3:a:oroinc:oroplatform:5.1.3