Vulnerabilities > CVE-2023-46754 - Incorrect Authorization vulnerability in Obl.Ong Admin

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
obl-ong
CWE-863
NVD
Published: 2023-10-26
Updated: 2023-11-07

Summary

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.

Vulnerable Configurations

Part Description Count
Application
Obl.Ong
1

Common Weakness Enumeration (CWE)

References