CVE-2023-28698

CRITICAL

9.8

Description

Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published6/2/2023

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

wddgroup:fantsy

Weaknesses (CWE)

CWE-863

References

https://www.twcert.org.tw/tw/cp-132-7101-f88db-1.html(twcert@cert.org.tw)

https://www.twcert.org.tw/tw/cp-132-7101-f88db-1.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.