CVE-2023-43154

Published: 27/09/2023 Updated: 02/10/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, a loose comparison in the "isValidLogin()" function during a login attempt results in a PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.

Vulnerable Product

macs cms project macs cms 1.1.4f

Github Repositories

PoC for the type confusion vulnerability in Mac's CMS that results in authentication bypass and administrator account takeover.

CVE-2023-43154 - Macs Framework v1.1.4f CMS Type Confusion Vulnerability

Table of Contents: Overview, Proof of Concept, Technical Debrief, Mitigation

Overview

CVE-ID: CVE-2023-43154
CVSS 3.1: 9.8
Vulnerability Description: A loose comparison in the isValidLogin() function results in a PHP type confusion vulnerability that can be abused to bypass authentication and take over the ad