Vulnerability Details : CVE-2023-7226
Potential exploit
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232.
Products affected by CVE-2023-7226
- cpe:2.3:a:meiyou:big_whale:1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-7226
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-7226
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
VulDB | 2024-01-11 |
6.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.8
|
3.4
|
VulDB | 2024-01-11 |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST | 2024-01-18 |
CWE ids for CVE-2023-7226
-
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.Assigned by: cna@vuldb.com (Secondary)
References for CVE-2023-7226
-
https://gitee.com/meetyoucrop/big-whale/issues/I6N31K
big-whale has unauthorized access · Issue #I6N31K · 美柚/big-whale - GiteeExploit;Issue Tracking;Third Party Advisory
-
https://vuldb.com/?ctiid.250232
Permissions Required;Third Party Advisory
-
https://vuldb.com/?id.250232
Third Party Advisory
Jump to