CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53914

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative account with full system access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://web.archive.org/web/20230314183734/https://en.ulicms.de/
https://www.exploit-db.com/exploits/51486
https://www.vulncheck.com/advisories/ulicms-authentication-bypass-via-mass-assignment-vulnerability
https://www.exploit-db.com/exploits/51486

Products affected by CVE-2023-53914

Ulicms » Ulicms » Version: 2023.1

cpe:2.3:a:ulicms:ulicms:2023.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53914

Products

Pricing

Contact Us