CVE-2023-0916

MEDIUM

Auto Dealer Management System - Improper Access Control

Title source: rule

Description

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Muhammad Navaid Zafar Ansari · textwebappsphp

https://www.exploit-db.com/exploits/51281

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Auto%20Dealer%20Management%20System%20-%20Broken%20Access%20Control.md

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.221491

[Third Party Advisory] https://vuldb.com/?id.221491

Scores

CVSS v3 6.3

EPSS 0.0224

EPSS Percentile 84.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-284

Status published

Products (1)

auto_dealer_management_system_project/auto_dealer_management_system 1.0

Published Feb 19, 2023

Tracked Since Feb 18, 2026