CVE-2023-0959

Severity CVSS v4.0:
Pending analysis
Type:
CWE-269 Improper Privilege Management
Publication date:
05/04/2023
Last modified:
13/02/2025

Description

Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:imaworldhealth:bhima:1.27.0:*:*:*:*:*:*:*