CVE-2023-7055 - OpenCVE

A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpgurukul	Online Notes Sharing System

Configuration 1 [-]

cpe:2.3:a:phpgurukul:online_notes_sharing_system:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md
https://vuldb.com/?ctiid.248742
https://vuldb.com/?id.248742

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-12-22T02:31:04.126Z

Updated: 2024-08-02T08:50:07.977Z

Reserved: 2023-12-21T16:13:22.013Z

Link: CVE-2023-7055

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-22T03:15:09.790

Modified: 2024-05-17T02:34:06.900

Link: CVE-2023-7055

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7055", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-12-21T16:13:22.013Z", "datePublished": "2023-12-22T02:31:04.126Z", "dateUpdated": "2024-08-02T08:50:07.977Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-12-22T02:31:04.126Z"}, "title": "PHPGurukul Online Notes Sharing System Contact Information profile.php access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Controls"}]}], "affected": [{"vendor": "PHPGurukul", "product": "Online Notes Sharing System", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Contact Information Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in PHPGurukul Online Notes Sharing System 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /user/profile.php der Komponente Contact Information Handler. Durch Beeinflussen des Arguments mobilenumber mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-12-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-12-21T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-12-21T17:18:29.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "dhabaleshwar (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.248742", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.248742", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.977Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.248742", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.248742", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md", "tags": ["exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:online_notes_sharing_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F13021B-DBB9-4471-BD20-7DAA03BB1981", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en PHPGurukul Online Notes Sharing System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /user/profile.php del componente Contact Information Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento mobilenumber conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada y puede utilizarse. VDB-248742 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2023-7055", "lastModified": "2024-05-17T02:34:06.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-12-22T03:15:09.790", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.248742"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.248742"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Secondary"}]}