CVE-2023-6099

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 13, 2023
Updated: May 17, 2024
CWE ID 269

Summary

CVE-2023-6099 is a newly disclosed critical vulnerability affecting the Shenzhen Youkate Industrial Facial Love Cloud Payment System up to version 1.0.55.0.0.1. The issue lies within the Account Handler component and the file /SystemMng.ashx. An attacker can exploit this vulnerability by manipulating the argument operatorRole with the input 00, leading to improper privilege management. This vulnerability can be exploited remotely, and the exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. The vulnerability has been assigned the identifier VDB-245061.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share