CVE-2023-0785

Exploit

EPSS 0.25%
Veröffentlicht 12.02.2023 08:15:10
Zuletzt bearbeitet 07.03.2025 14:49:58
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mayurik ≫ Best Online News Portal Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-202 Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

https://vuldb.com/?ctiid.220645

Third Party Advisory

Permissions Required

https://vuldb.com/?id.220645

Third Party Advisory

https://youtu.be/n_BfBlsUIN8

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-0785

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0785

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0785

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-0785