CVE-2023-6773
MEDIUM
4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM
4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none
Description
AI Translation Available
A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0006
Percentile
0,2th
Updated
EPSS Score Trend (Last 90 Days)
284
Improper Access Control
IncompleteCommon Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Technologies:
ICS/OT, Not Technology-Specific, Web Based
Application
Pos And Inventory Management System by Codeastro
CPE Identifier
View Detailed Analysis
cpe:2.3:a:codeastro:pos_and_inventory_management_system:1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://drive.google.com/drive/folders/1yuc1n6tr57wD8qsT0HAFDVAuii7iibDM?usp=sh…
https://vuldb.com/?ctiid.247909
https://vuldb.com/?id.247909
https://drive.google.com/drive/folders/1yuc1n6tr57wD8qsT0HAFDVAuii7iibDM?usp=sh…
https://vuldb.com/?ctiid.247909
https://vuldb.com/?id.247909