cbcvebase.
CVE-2023-0963
published 2023-02-22

CVE-2023-0963: A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file…

PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
4.67%
90.6th percentile
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.

Affected

2 ranges
VendorProductVersion rangeFixed in
music_gallery_site_projectmusic_gallery_site
sourcecodestermusic_gallery_site

Detection & IOCsextracted from sources · hover to see the quote

path/php-music/classes/Users.php
path/php-music/classes/Master.php
url/php-music/classes/Users.php?f=save
commandPOST /php-music/classes/Users.php?f=save HTTP/1.1
  • Detect unauthenticated POST requests to Users.php?f=save — no session cookie is required for successful exploitation; monitor for multipart/form-data POST requests to this endpoint originating from unauthenticated sessions.
  • Alert on POST requests to /php-music/classes/Users.php or /php-music/classes/Master.php that include a 'type=1' parameter in the body, which designates admin-level user creation.
  • Flag multipart/form-data POST requests to Users.php containing both 'username' and 'password' fields from unauthenticated (cookieless) HTTP sessions, as this is the exploit delivery mechanism.
  • Monitor for admin user creation events in the application database that are not preceded by a valid authenticated session, as the vulnerability allows remote admin account creation without login.
  • ·Both Users.php and Master.php lack any authentication/authorization check at the top of the file, meaning ALL parameters and functions exposed by these endpoints are unprotected — detection scope should cover the entire file, not just the ?f=save action.
  • ·The exploit was tested on Windows 11 with a localhost deployment; path traversal or URL prefix (/php-music/) may differ in production deployments — tune detection rules to account for variable install-path prefixes.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.