Skip to main content

CVE-2023-34965

Description

SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-34965
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Refrence: NVDMITRE

Proof Of Concept

AgentY0

SSPanel UIM is a multi-purpose agency service sales management system specially designed for Shadowsocks / V2Ray / Trojan protocols. SSPanel-Uim version before 2023.3 does not restrict access to the /link/ interface,which can lead to a leak of user subscription information.

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8