CVE-2023-43154

CRITICAL

Macros CMS 1.1.4f - Auth Bypass

Title source: llm

Description

In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.

Exploits (1)

nomisec WRITEUP

by ally-petitt · poc

https://github.com/ally-petitt/CVE-2023-43154-PoC

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://cxsecurity.com/issue/WLB-2023090075

[Product] https://github.com/ally-petitt/macs-cms-auth-bypass

Scores

CVSS v3 9.8

EPSS 0.0042

EPSS Percentile 61.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-843

Status published

Products (1)

macs_cms_project/macs_cms 1.1.4f

Published Sep 27, 2023

Tracked Since Feb 18, 2026