Lucene search

[email protected]CVE-2023-26774

HistoryApr 10, 2023 - 12:15 p.m.

CVE-2023-26774

2023-04-1012:15:07

[email protected]

web.nvd.nist.gov

cve-2023-26774

sales tracker management system

remote attacker

sensitive information

nvd

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint.

Affected configurations

NVD

Node

sales_tracker_management_system_projectsales_tracker_management_systemMatch1.0

CPENameOperatorVersion
sales_tracker_management_system_project:sales_tracker_management_systemsales tracker management system project sales tracker management systemeq1.0

CPE	Name	Operator	Version
sales_tracker_management_system_project:sales_tracker_management_system	sales tracker management system project sales tracker management system	eq	1.0

References

packetstormsecurity.com/files/171692/Sales-Tracker-Management-System-1.0-Insecure-Direct-Object-Reference.html

twitter.com/retrymp3

www.sourcecodester.com/download-code?nid=16061&title=Sales+Tracker+Management+System+using+PHP+Free+Source+Code

www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for CVE-2023-26774

cvelist1 nvd1 prion1 packetstorm1