CVE-2023-0963

HIGH

Music Gallery Site - Improper Access Control

Title source: rule

Description

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Muhammad Navaid Zafar Ansari · textwebappsphp

https://www.exploit-db.com/exploits/51289

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20Broken%20Access%20Control.md

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.221633

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.221633

Scores

CVSS v3 7.3

EPSS 0.0384

EPSS Percentile 88.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-284

Status published

Products (1)

music_gallery_site_project/music_gallery_site 1.0

Published Feb 22, 2023

Tracked Since Feb 18, 2026