CVE-2023-3029
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Guangdong | Pythagorean OA Office System | 4.50.0 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.1 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.2 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.3 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.4 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.5 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.6 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.7 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.8 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.9 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.10 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.11 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.12 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.13 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.14 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.15 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.16 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.17 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.18 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.19 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.20 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.21 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.22 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.23 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.24 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.25 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.26 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.27 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.28 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.29 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.30 | affected |
| Guangdong | Pythagorean OA Office System | 4.50.31 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery
ADP Enrichment
CVE Program Container
Additional References
- https://vuldb.com/?id.230458
- https://vuldb.com/?ctiid.230458
- https://gitee.com/gouguopen/office/issues/I74VRG
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.230458
- https://vuldb.com/?ctiid.230458
- https://gitee.com/gouguopen/office/issues/I74VRG
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.