CVE-2023-46393

HIGH

gougucms v4.08.18 - Auth Bypass

Title source: llm

Description

gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.

Exploits (1)

gitee 619 stars

by gougufree · phpwriteup

https://gitee.com/gouguopen/gougucms/issues/I88TKH

View on gitee

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://gitee.com/gouguopen/gougucms/issues/I88TKH

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 7.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-460

Status published

Products (1)

gougucms/gougucms 4.08.18

Published Oct 27, 2023

Tracked Since Feb 18, 2026