CVE-2023-2544 MEDIUM

CVE-2023-2544: Authorization Bypass on UPV PEIX

Vendor: Universitat Politècnica De València (Upv)
Product: UPV PEIX
Weakness: CWE-639 · IDOR
Published: October 3, 2023
Last update: September 19, 2024

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.

Key dates

02 Disclosure timeline

October 3, 2023: CVE published
September 19, 2024: Record updated