CVE-2023-0959
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
05/04/2023
Last modified:
13/02/2025
Description
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:imaworldhealth:bhima:1.27.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page