CVE-2023-43154
Description
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, a loose comparison in the "isValidLogin()" function during a login attempt results in a PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-43154
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
ally-petitt
PoC for the type confusion vulnerability in Mac's CMS that results in authentication bypass and administrator account takeover.
Reference: GitHub