CVE-2023-7053
Vulnerability from cvelistv5
Published
2023-12-22 01:31
Modified
2024-08-02 08:50
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS score ?
Summary
PHPGurukul Online Notes Sharing System signup.php weak password
References
▼ | URL | Tags | |
---|---|---|---|
cna@vuldb.com | https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md | Exploit, Third Party Advisory | |
cna@vuldb.com | https://vuldb.com/?ctiid.248740 | Permissions Required, Third Party Advisory | |
cna@vuldb.com | https://vuldb.com/?id.248740 | Third Party Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
PHPGurukul | Online Notes Sharing System |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:50:07.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://vuldb.com/?id.248740" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.248740" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Online Notes Sharing System", "vendor": "PHPGurukul", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "analyst", "value": "dhabaleshwar (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740." }, { "lang": "de", "value": "In PHPGurukul Online Notes Sharing System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /user/signup.php. Durch Manipulieren mit unbekannten Daten kann eine weak password requirements-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-22T01:31:04.354Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://vuldb.com/?id.248740" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.248740" }, { "tags": [ "exploit" ], "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md" } ], "timeline": [ { "lang": "en", "time": "2023-12-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2023-12-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2023-12-21T17:17:31.000Z", "value": "VulDB entry last update" } ], "title": "PHPGurukul Online Notes Sharing System signup.php weak password" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2023-7053", "datePublished": "2023-12-22T01:31:04.354Z", "dateReserved": "2023-12-21T16:09:21.282Z", "dateUpdated": "2024-08-02T08:50:07.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-7053\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2023-12-22T02:15:43.213\",\"lastModified\":\"2024-05-17T02:34:06.697\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en PHPGurukul Online Notes Sharing System 1.0. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /user/signup.php. La manipulaci\u00f3n conduce a requisitos de contrase\u00f1a d\u00e9biles. El ataque se puede iniciar de forma remota. La complejidad del ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248740.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.6},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-521\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpgurukul:online_notes_sharing_system:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F13021B-DBB9-4471-BD20-7DAA03BB1981\"}]}]}],\"references\":[{\"url\":\"https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.248740\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.248740\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.