Lucene search

[email protected]CVE-2023-37759

HistorySep 08, 2023 - 3:15 a.m.

CVE-2023-37759

2023-09-0803:15:08

[email protected]

web.nvd.nist.gov

cve-2023-37759

incorrect access control

user registration page

crypto currency tracker

cct

admin account

crafted post request

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.078 Low

EPSS

Percentile

94.2%

JSON

Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.

Affected configurations

NVD

Node

trendylogicscrypto_currency_trackerRange≤9.5

CPENameOperatorVersion
trendylogics:crypto_currency_trackertrendylogics crypto currency trackerle9.5

CPE	Name	Operator	Version
trendylogics:crypto_currency_tracker	trendylogics crypto currency tracker	le	9.5

References

codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008

packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html

tregix.com/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.078 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2023-37759

cvelist1 prion1 zdt1 nvd1 packetstorm1 exploitdb1