Lucene search

MitreCVE-2023-49443

HistoryDec 08, 2023 - 3:15 p.m.

CVE-2023-49443

2023-12-0815:15:07

CWE-307

mitre

web.nvd.nist.gov

doracms

v2.1.8

code re-use

username

password

verification

bruteforce

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

Affected configurations

Nvd

Node

html-jsdoracmsMatch2.1.8

VendorProductVersionCPE
html-jsdoracms2.1.8cpe:2.3:a:html-js:doracms:2.1.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
html-js	doracms	2.1.8	cpe:2.3:a:html-js:doracms:2.1.8:::::::*

References

github.com/woshinibaba222/DoraCMS-Verification-Code-Reuse

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON

Related for CVE-2023-49443