Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0905

CWE-287 — Improper Authentication4 documents4 sources

Severity

7.5HIGH

EPSS

3.6%

top 12.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sourcecodester Employee Task Management System Employee Task Management System Project Employee Task Management System

Timeline

PublishedFeb 18

Latest updateApr 6

Description

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/employee_task_management_system1.0

▶NVDemployee_task_management_system_project/employee_task_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication↗2023-02-18

▶

GHSA

GHSA-m8gm-9m6q-6xm3: A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1↗2023-02-18

▶

💥Exploits & PoCs

Exploit-DB

Employee Task Management System v1.0 - Broken Authentication↗2023-04-06

▶