CVE-2023-31435

HIGH

evasys <8.2.2286 & <9.0.2401 - Info Disclosure

Title source: llm

Description

Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.

Exploits (1)

nomisec WRITEUP
by trustcves · poc
https://github.com/trustcves/CVE-2023-31435

References (1)

Core References
Exploit, Third Party Advisory
https://cves.at/posts/cve-2023-31435/writeup/

Scores

CVSS v3 8.1
EPSS 0.0055
EPSS Percentile 68.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-863
Status published
Products (2)
evasys/evasys 8.2
evasys/evasys 9.0
Published May 02, 2023
Tracked Since Feb 18, 2026