Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0963

CWE-284Improper Access Control4 documents4 sources
Severity
9.8CRITICAL
EPSS
5.8%
top 9.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Sourcecodester Music Gallery SiteMusic Gallery Site Project Music Gallery Site
Timeline
PublishedFeb 22
Latest updateApr 6

Description

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Music Gallery Site POST Request Users.php access control2023-02-22
GHSA
GHSA-77pv-69c3-pjgf: A vulnerability was found in SourceCodester Music Gallery Site 12023-02-22

💥Exploits & PoCs

1
Exploit-DB
Music Gallery Site v1.0 - Broken Access Control2023-04-06
CVE-2023-0963 (CRITICAL CVSS 9.8) | A vulnerability was found in Source | cvebase.io