Vulnerabilities > CVE-2023-46754 - Incorrect Authorization vulnerability in Obl.Ong Admin 1.0.0/1.1.0/1.1.1

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
obl-ong
CWE-863
NVD
Published: 2023-10-26
Updated: 2023-11-07

Summary

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.

Vulnerable Configurations

Part Description Count
Application
Obl.Ong
4

Common Weakness Enumeration (CWE)

References