CVE-2023-43457

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 25, 2023
Updated: Sep 26, 2023

Summary

CVE-2023-43457 is a newly discovered vulnerability affecting Service Provider Management System version 1.0. It lets remote attackers gain elevated privileges through the ID parameter of the /php-spms/admin/?page=user/ endpoint. Successful exploitation allows the attacker to manipulate user accounts and potentially gain administrative access to the system. The vulnerability poses a serious risk to organizations running this version of the Service Provider Management System and should be addressed promptly by applying the available patch or upgrading to a patched version.
