CVE-2023-2713

Published: May 20, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD (Secondary)

Description

Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15.

Affected (1)

Products: Rental Module Project: Rental Module

Rental Module Project

1 product

Rental Module

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rental Module Project Rental Module	Before 23.05.15

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://www.usom.gov.tr/bildirim/tr-23-0276

Source: iletisim@usom.gov.tr

Third Party Advisory

https://www.usom.gov.tr/bildirim/tr-23-0276

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.