CVE-2023-2799

Critical

A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown…

VulDB·CWE-259·Published 2023-05-18

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgde

346 chars

Eine problematische Schwachstelle wurde in cnoa OA bis 5.1.1.5 entdeckt. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /index.php?app=main&func=passport&action=login. Durch Manipulation mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

cve.orgen

466 chars

A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

NVDen

466 chars

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	cve.org	5.8	—	—	AV:A/AC:L/Au:N/C:P/I:P/A:P
2.0	Primary	cve.org	5.8	—	—	AV:A/AC:L/Au:N/C:P/I:P/A:P
2.0	Secondary	NVD	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	cve.org	6.3	—	—	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.0	Primary	cve.org	6.3	—	—	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.3	—	—	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Primary	cve.org	6.3	—	—	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Secondary	NVD	6.3	2.8	3.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L