CVE-2023-1858 — Sensitive Information Exposure in Earnings AND Expense Tracker APP

CWE-200 — Sensitive Information Exposure CWE-416 — Use After Free4 documents4 sources

Severity

7.5HIGHNVD

CNA4.3

EPSS

0.2%

top 57.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Earnings AND Expense Tracker APP Earnings AND Expense Tracker APP Project Earnings AND Expense Tracker APP

Timeline

PublishedApr 5

Latest updateSep 4

Description

A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sourcecodester/earnings_and_expense_tracker_app1.0

▶NVDearnings_and_expense_tracker_app_project/earnings_and_expense_tracker_app1.0

🔴Vulnerability Details

CVEList

SourceCodester Earnings and Expense Tracker App index.php information disclosure↗2023-04-05

▶

GHSA

GHSA-3rvc-764q-q5rq: A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1↗2023-04-05

▶

📋Vendor Advisories

Red Hat

vim: use-after-free in function ins_compl_get_exp in vim/vim↗2023-09-04

▶