CVE-2023-3029

Summary

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
GuangdongPythagorean OA Office System4.50.0affected
GuangdongPythagorean OA Office System4.50.1affected
GuangdongPythagorean OA Office System4.50.2affected
GuangdongPythagorean OA Office System4.50.3affected
GuangdongPythagorean OA Office System4.50.4affected
GuangdongPythagorean OA Office System4.50.5affected
GuangdongPythagorean OA Office System4.50.6affected
GuangdongPythagorean OA Office System4.50.7affected
GuangdongPythagorean OA Office System4.50.8affected
GuangdongPythagorean OA Office System4.50.9affected
GuangdongPythagorean OA Office System4.50.10affected
GuangdongPythagorean OA Office System4.50.11affected
GuangdongPythagorean OA Office System4.50.12affected
GuangdongPythagorean OA Office System4.50.13affected
GuangdongPythagorean OA Office System4.50.14affected
GuangdongPythagorean OA Office System4.50.15affected
GuangdongPythagorean OA Office System4.50.16affected
GuangdongPythagorean OA Office System4.50.17affected
GuangdongPythagorean OA Office System4.50.18affected
GuangdongPythagorean OA Office System4.50.19affected
GuangdongPythagorean OA Office System4.50.20affected
GuangdongPythagorean OA Office System4.50.21affected
GuangdongPythagorean OA Office System4.50.22affected
GuangdongPythagorean OA Office System4.50.23affected
GuangdongPythagorean OA Office System4.50.24affected
GuangdongPythagorean OA Office System4.50.25affected
GuangdongPythagorean OA Office System4.50.26affected
GuangdongPythagorean OA Office System4.50.27affected
GuangdongPythagorean OA Office System4.50.28affected
GuangdongPythagorean OA Office System4.50.29affected
GuangdongPythagorean OA Office System4.50.30affected
GuangdongPythagorean OA Office System4.50.31affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References