Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0916

CWE-284 — Improper Access Control4 documents4 sources

Severity

8.8HIGH

EPSS

2.2%

top 15.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sourcecodester Auto Dealer Management System Auto Dealer Management System Project Auto Dealer Management System

Timeline

PublishedFeb 19

Latest updateApr 6

Description

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/auto_dealer_management_system1.0

▶NVDauto_dealer_management_system_project/auto_dealer_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Auto Dealer Management System Users.php access control↗2023-02-19

▶

GHSA

GHSA-x4mp-q79c-863h: A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1↗2023-02-19

▶

💥Exploits & PoCs

Exploit-DB

Auto Dealer Management System 1.0 - Broken Access Control Exploit↗2023-04-06

▶