VulDBCVELIST:CVE-2023-3029CVE-2023-3029 Guangdong Pythagorean OA Office System delete cross-site request forgery
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
50.3%
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.
CNA Affected
[
{
"vendor": "Guangdong",
"product": "Pythagorean OA Office System",
"versions": [
{
"version": "4.50.0",
"status": "affected"
},
{
"version": "4.50.1",
"status": "affected"
},
{
"version": "4.50.2",
"status": "affected"
},
{
"version": "4.50.3",
"status": "affected"
},
{
"version": "4.50.4",
"status": "affected"
},
{
"version": "4.50.5",
"status": "affected"
},
{
"version": "4.50.6",
"status": "affected"
},
{
"version": "4.50.7",
"status": "affected"
},
{
"version": "4.50.8",
"status": "affected"
},
{
"version": "4.50.9",
"status": "affected"
},
{
"version": "4.50.10",
"status": "affected"
},
{
"version": "4.50.11",
"status": "affected"
},
{
"version": "4.50.12",
"status": "affected"
},
{
"version": "4.50.13",
"status": "affected"
},
{
"version": "4.50.14",
"status": "affected"
},
{
"version": "4.50.15",
"status": "affected"
},
{
"version": "4.50.16",
"status": "affected"
},
{
"version": "4.50.17",
"status": "affected"
},
{
"version": "4.50.18",
"status": "affected"
},
{
"version": "4.50.19",
"status": "affected"
},
{
"version": "4.50.20",
"status": "affected"
},
{
"version": "4.50.21",
"status": "affected"
},
{
"version": "4.50.22",
"status": "affected"
},
{
"version": "4.50.23",
"status": "affected"
},
{
"version": "4.50.24",
"status": "affected"
},
{
"version": "4.50.25",
"status": "affected"
},
{
"version": "4.50.26",
"status": "affected"
},
{
"version": "4.50.27",
"status": "affected"
},
{
"version": "4.50.28",
"status": "affected"
},
{
"version": "4.50.29",
"status": "affected"
},
{
"version": "4.50.30",
"status": "affected"
},
{
"version": "4.50.31",
"status": "affected"
}
]
}
]Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
50.3%