CVE-2023-23327

Published: Mar 10, 2023Modified: Mar 5, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.

Affected (1)

Products: Avantfax: Avantfax

Avantfax

1 product

Avantfax

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avantfax Avantfax	Version 3.3.7

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (5)

http://avantfax.com

Source: cve@mitre.org

Product

https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

http://avantfax.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.