CVE-2023-7226 MEDIUM

CVE-2023-7226: meetyoucrop big-whale Admin Module all.api improper ownership management

Vendor: Meetyoucrop
Product: big-whale
Weakness: CWE-282
Published: January 11, 2024
Last update: November 14, 2024

CVSS base score: 6.3/10

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: Low
Availability: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232.

Key dates

02 Disclosure timeline

January 11, 2024: CVE published
November 14, 2024: Record updated