github - ghsa-4779-3f76-8vx3

ghsa-4779-3f76-8vx3

Vulnerability from github

Published

2023-12-22 03:30

Modified

2023-12-22 03:30

Severity

4.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-22T01:15:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.",
  "id": "GHSA-4779-3f76-8vx3",
  "modified": "2023-12-22T03:30:33Z",
  "published": "2023-12-22T03:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7052"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.248739"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.248739"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-7052

Vulnerability from cvelistv5

Published

2023-12-22 01:00

Modified

2024-08-02 08:50

Severity

4.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

PHPGurukul Online Notes Sharing System profile.php cross-site request forgery

References

URL	Tags
https://vuldb.com/?id.248739	vdb-entry, technical-description
https://vuldb.com/?ctiid.248739	signature, permissions-required
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md	exploit

Impacted products

Vendor	Product
PHPGurukul	Online Notes Sharing System

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:phpgurukul:online_notes_sharing_system:1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "online_notes_sharing_system",
            "vendor": "phpgurukul",
            "versions": [
              {
                "status": "affected",
                "version": "1.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7052",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-25T18:59:30.175537Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T20:15:49.657Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:50:07.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.248739"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.248739"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Notes Sharing System",
          "vendor": "PHPGurukul",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "dhabaleshwar (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in PHPGurukul Online Notes Sharing System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /user/profile.php. Durch das Manipulieren des Arguments name mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-22T01:00:05.458Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.248739"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.248739"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-21T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-12-21T17:12:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "PHPGurukul Online Notes Sharing System profile.php cross-site request forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-7052",
    "datePublished": "2023-12-22T01:00:05.458Z",
    "dateReserved": "2023-12-21T16:07:40.471Z",
    "dateUpdated": "2024-08-02T08:50:07.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.