Vulnerability CVE-2023-38965


Published: 2023-11-03

Description:
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Lost And Found Information System 1.0 Insecure Direct Object Reference
Or4nG.M4N
16.10.2023

 References:
https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt
http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html

Copyright 2024, cxsecurity.com

 

Back to Top