CVE-2023-27576

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

18/08/2023

Last modified:

07/10/2024

Description

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system&#39;s super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin&#39;s email address to one under the attacker&#39;s control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.70 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High