CVE-2023-45503
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing
- https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file
References
- https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing
- https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.