CVE-2023-46393

Exploit

EPSS 0.03%
Veröffentlicht 27.10.2023 14:15:08
Zuletzt bearbeitet 21.11.2024 08:28:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gougucms ≫ Gougucms Version4.08.18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-460 Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

https://gitee.com/gouguopen/gougucms/issues/I88TKH

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-46393

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46393

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46393

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-46393