CVE-2023-6773

MEDIUM

CodeAstro POS and Inventory Management System 1.0 - Improper Access Control via User Creation Handler

Title source: llm

Description

A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability.

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.247909

Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.247909

Exploit exploit

https://drive.google.com/drive/folders/1yuc1n6tr57wD8qsT0HAFDVAuii7iibDM?usp=sharing

Scores

CVSS v3 4.3

EPSS 0.0074

EPSS Percentile 50.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-284

Status published

Products (1)

codeastro/pos_and_inventory_management_system 1.0

Published Dec 13, 2023

Tracked Since Feb 18, 2026