CVE-2023-2473

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2473
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2473.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2473
Published
2023-05-02T13:15:25Z
Modified
2025-01-30T17:48:23.275360Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.

References

Affected packages

Git / github.com/iteachyou-wjn/dreamer_cms

Affected ranges

Type
GIT
Repo
https://github.com/iteachyou-wjn/dreamer_cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Latest_Stable_Release_4.*

Latest_Stable_Release_4.1.3.1

Previous_Releases_3.*

Previous_Releases_3.5.0