CVE-2023-6099 HIGH

CVE-2023-6099: Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management

Vendor Shenzhen Youkate Industrial

Product Facial Love Cloud Payment System

Weakness CWE-269

Published November 13, 2023

Last update January 8, 2025

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

November 13, 2023 CVE published

January 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6099

Related vulnerabilities

Identifiers

CVE CVE-2023-6099

CWE CWE-269

CVSS 7.3 / HIGH

Affected versions

Vendor Shenzhen Youkate Industrial

Product Facial Love Cloud Payment System

Affected 1.0.55.0.0.0

Vendor Shenzhen Youkate Industrial

Product Facial Love Cloud Payment System

Affected 1.0.55.0.0.1

CVE-2023-6099: Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management

01Description

02Disclosure timeline

03References

04Related CVE