CVE-2023-46754
MEDIUMobl.ong/admin < 1.1.2 - Unauthenticated Authorization Bypass via Email OTP Feature
Title source: llmDescription
The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.
References (1)
Core 1
Core References
Release Notes
https://github.com/obl-ong/admin/releases/tag/v1.1.2
Scores
CVSS v3
5.3
EPSS
0.0038
EPSS Percentile
29.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (1)
obl.ong/admin
< 1.1.2
Published
Oct 26, 2023
Tracked Since
Feb 18, 2026