CVE-2023-43457

2023-09-2500:00:00

mitre

www.cve.org

service provider management

remote attacker

gain privileges

id parameter

endpoint

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.3%

JSON

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.

References

samh4cks.github.io/posts/cve-2023-43457/

www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html

www.sourcecodester.com/users/tips23