CVE-2023-3018
Published 2023-05-31
Priority P3 · 52 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS 0.73% (49.8th percentile)
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 5.11.0 < 5.15.108 | 5.15.108 |
| linux | linux_kernel | >= 5.16.0 < 6.1.25 | 6.1.25 |
| linux | linux_kernel | >= 6.2.0 < 6.2.12 | 6.2.12 |
| oretnom23 | lost_and_found_information_system | — | — |
| sourcecodester | lost_and_found_information_system | — | — |
CVSS provenance
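| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | | 5.8 | MEDIUM | |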
OSV
mptcp: stricter state check in mptcp_worker
osv·2025-12-30
CVE-2023-54176 mptcp: stricter state check in mptcp_worker
In the Linux kernel, the following vulnerability has been resolved:
mptcp: stricter state check in mptcp_worker
As reported by Christoph, the mptcp protocol can run the
worker when the relevant msk socket is in an unexpected state:
connect()
// incoming reset + fastclose
// the mptcp worker is scheduled
mptcp_disconnect()
// msk is now CLOSED
listen()
mptcp_worker()
Leading to the following splat:
divide error: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 21 Comm: kworker/1:0 Not tainted 6.3.0-rc1-gde5e8fd0123c #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
Workqueue: events mptcp_worker
RIP: 0010:__tcp_select_window+0x22c/0x4b0 net/ipv4/tcp_output.c:3018
RSP: 0018:ffffc900000b3c98 EFLAGS: 00010293
RAX: 0000000
GHSA
GHSA-8cxp-cgh6-2vj8: A vulnerability was found in SourceCodester Lost and Found Information System 1
ghsa_unreviewed·2023-05-31
CVE-2023-3018 [MEDIUM] CWE-284 GHSA-8cxp-cgh6-2vj8: A vulnerability was found in SourceCodester Lost and Found Information System 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d
https://vuldb.com/?ctiid.230362
https://vuldb.com/?id.230362
Published: 2023-05-31