Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and
'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.
References
Configurations
History
No history.
Information
Published : 2023-11-30 18:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6342
Mitre link : CVE-2023-6342
CVE.ORG link : CVE-2023-6342
JSON object : View
Products Affected
tylertech
- court_case_management_plus
CWE
CWE-287
Improper Authentication