CVE-2023-7055

A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.248742	Permissions Required Third Party Advisory
https://vuldb.com/?id.248742	Third Party Advisory
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.248742	Permissions Required Third Party Advisory
https://vuldb.com/?id.248742	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:online_notes_sharing_system:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-22 03:15

Updated : 2024-11-21 08:45

NVD link : CVE-2023-7055

Mitre link : CVE-2023-7055

CVE.ORG link : CVE-2023-7055

JSON object : View

Products Affected

phpgurukul

online_notes_sharing_system

CWE

CWE-284

Improper Access Control

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2023-7055", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2023-12-22T03:15:09.790", "references": [{"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.248742", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.248742", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?ctiid.248742", "tags": ["Permissions Required", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.248742", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en PHPGurukul Online Notes Sharing System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /user/profile.php del componente Contact Information Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento mobilenumber conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada y puede utilizarse. VDB-248742 es el identificador asignado a esta vulnerabilidad."}], "lastModified": "2024-11-21T08:45:08.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:online_notes_sharing_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F13021B-DBB9-4471-BD20-7DAA03BB1981"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}