CVE-2023-43154

Description

In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, a loose comparison in the "isValidLogin()" function during a login attempt results in a PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-43154
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

ally-petitt

PoC for the type confusion vulnerability in Mac's CMS that results in authentication bypass and administrator account takeover.

Reference: GitHub