CVE-2023-46449
Severity
8.8HIGH
EPSS
0.3%
top 51.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 26
Description
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9