CVE-2023-46449

HIGH

inventory_management_system 1.0 - Incorrect Access Control via Password Change IDOR

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46449. PoCs published by sajaljat.

AI-analyzed exploit summary: The repository provides a detailed technical writeup for CVE-2023-46449, an Incorrect Access Control vulnerability in Sourcecodester's inventory management system v1.0. It describes an IDOR flaw in the password change function, allowing arbitrary password resets and account takeover.

Description

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via an IDOR in the password change function.

Exploits (1)

nomisec WRITEUP
by sajaljat · poc
https://github.com/sajaljat/CVE-2023-46449

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Free and Open Source inventory management system v1.0
Auth required
Prerequisites: Valid user session · Victim user ID
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.0076
EPSS Percentile 50.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-732
Status published
Products (1)
mayurik/inventory_management_system 1.0
Published Oct 26, 2023
Tracked Since Feb 18, 2026