CVE-2023-6099

Published: Nov 13, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Szjocat: Facial Love Cloud Platform

1 product

Facial Love Cloud Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Szjocat Facial Love Cloud Platform	Up to 1.0.55.0.0.1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://github.com/gatsby2003/Shenzhen-Youkate-Industrial-Co.-Ltd/blob/main/Shenzhen%20Youkate%20Industrial%20Co.%2C%20Ltd.md

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?ctiid.245061

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.245061

Source: cna@vuldb.com

Third Party Advisory

https://github.com/gatsby2003/Shenzhen-Youkate-Industrial-Co.-Ltd/blob/main/Shenzhen%20Youkate%20Industrial%20Co.%2C%20Ltd.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?ctiid.245061

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.245061

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.