Lucene search

[email protected]NVD:CVE-2023-27073

HistoryMar 14, 2023 - 3:15 p.m.

CVE-2023-27073

2023-03-1415:15:12

CWE-352

[email protected]

web.nvd.nist.gov

cross-site request forgery

attack

change user details

crafted post request

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.0%

JSON

A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.

Affected configurations

Nvd

Node

online_food_ordering_system_projectonline_food_ordering_systemMatch1.0

VendorProductVersionCPE
online_food_ordering_system_projectonline_food_ordering_system1.0cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
online_food_ordering_system_project	online_food_ordering_system	1.0	cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:1.0:::::::*

References

github.com/bhaveshkush007/CVEs/blob/main/CVE-2023-27073.txt

projectworlds.in/free-projects/php-projects/food-ordering-system-project-in-php/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.0%

JSON

Related for NVD:CVE-2023-27073

prion1 cvelist1 cve1