CVE-2023-52268

CRITICAL

FreeScout End-User Portal <1.0.65 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-52268. PoCs published by squ1dw3rm.

AI-analyzed exploit summary This exploit targets an authentication bypass vulnerability in FreeScout End-User Portal Module versions below 1.0.65. It generates session tokens and tests them against the magic link endpoint to impersonate arbitrary users, potentially gaining access to sensitive support tickets.

Description

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.

Exploits (1)

nomisec WORKING POC
by squ1dw3rm · poc
https://github.com/squ1dw3rm/CVE-2023-52268

This exploit targets an authentication bypass vulnerability in FreeScout End-User Portal Module versions below 1.0.65. It generates session tokens and tests them against the magic link endpoint to impersonate arbitrary users, potentially gaining access to sensitive support tickets.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: FreeScout End-User Portal Module < 1.0.65
No auth needed
Prerequisites: Access to the target FreeScout End-User Portal URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.1
EPSS 0.0061
EPSS Percentile 44.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-384
Status published
Published Nov 12, 2024
Tracked Since Feb 18, 2026