CVE-2023-46906

Medium

4.9/10

Summary

The package juzaweb/cms is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the "timezone" field was not correctly validated.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

References

Advisory
POC/Exploit

Advisory Timeline

Published Jan 09, 2024

CVE-2023-46906

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS