Lucene search
HistoryJun 01, 2023 - 6:15 a.m.
CVE-2023-3029
cve-2023-3029
vulnerability
guangdong pythagorean oa office system
cross-site request forgery
remote exploit
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.6%
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.
Affected configurations
Node
pythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.0
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.1
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.2
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.3
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.4
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.5
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.6
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.7
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.8
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.9
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.10
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.11
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.12
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.13
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.14
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.15
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.16
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.17
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.18
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.19
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.20
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.21
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.22
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.23
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.24
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.25
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.26
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.27
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.28
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.29
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.30
ORpythagorean_oa_office_system_projectpythagorean_oa_office_systemMatch4.50.31
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.0 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.0:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.1 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.1:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.2 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.2:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.3 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.3:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.4 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.4:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.5 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.5:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.6 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.6:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.7 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.7:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.8 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.8:*:*:*:*:*:*:* |
| pythagorean_oa_office_system_project | pythagorean_oa_office_system | 4.50.9 | cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:4.50.9:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Guangdong",
"product": "Pythagorean OA Office System",
"versions": [
{
"version": "4.50.0",
"status": "affected"
},
{
"version": "4.50.1",
"status": "affected"
},
{
"version": "4.50.2",
"status": "affected"
},
{
"version": "4.50.3",
"status": "affected"
},
{
"version": "4.50.4",
"status": "affected"
},
{
"version": "4.50.5",
"status": "affected"
},
{
"version": "4.50.6",
"status": "affected"
},
{
"version": "4.50.7",
"status": "affected"
},
{
"version": "4.50.8",
"status": "affected"
},
{
"version": "4.50.9",
"status": "affected"
},
{
"version": "4.50.10",
"status": "affected"
},
{
"version": "4.50.11",
"status": "affected"
},
{
"version": "4.50.12",
"status": "affected"
},
{
"version": "4.50.13",
"status": "affected"
},
{
"version": "4.50.14",
"status": "affected"
},
{
"version": "4.50.15",
"status": "affected"
},
{
"version": "4.50.16",
"status": "affected"
},
{
"version": "4.50.17",
"status": "affected"
},
{
"version": "4.50.18",
"status": "affected"
},
{
"version": "4.50.19",
"status": "affected"
},
{
"version": "4.50.20",
"status": "affected"
},
{
"version": "4.50.21",
"status": "affected"
},
{
"version": "4.50.22",
"status": "affected"
},
{
"version": "4.50.23",
"status": "affected"
},
{
"version": "4.50.24",
"status": "affected"
},
{
"version": "4.50.25",
"status": "affected"
},
{
"version": "4.50.26",
"status": "affected"
},
{
"version": "4.50.27",
"status": "affected"
},
{
"version": "4.50.28",
"status": "affected"
},
{
"version": "4.50.29",
"status": "affected"
},
{
"version": "4.50.30",
"status": "affected"
},
{
"version": "4.50.31",
"status": "affected"
}
]
}
]Related
prion
prion
Cross site request forgery (csrf)
2023-06-01 06:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-3029
2023-06-01 06:15:15
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.6%
Related for CVE-2023-3029