Vulnerability in Mayurik Inventory_management_system

CVE-2023-46449

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.

EPSS: 0.008 (50.5th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2023-46449?
CVE-2023-46449 is a high-severity vulnerability in Mayurik Inventory_management_system, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 8.8/10. Published 2023-10-26.
How severe is CVE-2023-46449?
High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2023-46449 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.