CVE-2023-38965

CRITICAL

Lost and Found Information System 1.0 - Privilege Escalation

Title source: llm

Description

Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.

Exploits (1)

exploitdb WORKING POC
by Or4nG.M4N · pythonwebappsphp
https://www.exploit-db.com/exploits/51795

References (3)

Scores

CVSS v3 9.8
EPSS 0.0012
EPSS Percentile 31.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-639
Status published
Products (1)
oretnom23/lost_and_found_information_system 1.0
Published Nov 03, 2023
Tracked Since Feb 18, 2026