CVE-2023-46449
First published: Thu Oct 26 2023(Updated: )
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-46449?
CVE-2023-46449 is a vulnerability in the Sourcecodester Free and Open Source inventory management system v1.0 that allows an arbitrary user to change the password of another user and takeover the account via IDOR in the password change function.
How does CVE-2023-46449 affect the Sourcecodester inventory management system?
CVE-2023-46449 allows an arbitrary user to change the password of another user and take over their account.
What is the severity of CVE-2023-46449?
CVE-2023-46449 has a severity rating of 8.8 (high).
How can I fix CVE-2023-46449 in the Sourcecodester inventory management system?
To fix CVE-2023-46449, update the Sourcecodester inventory management system to a version that addresses the Incorrect Access Control vulnerability.
Where can I find more information about CVE-2023-46449?
You can find more information about CVE-2023-46449 on the GitHub page (https://github.com/sajaljat/CVE-2023-46449/tree/main) and a YouTube video (https://www.youtube.com/watch?v=H5QnsOKjs3s).
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/mayurik
- canonical/mayurik inventory management system
- version/mayurik inventory management system/1.0