How severe is CVE-2023-0785?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2023-0785?

This is classified as CWE-202, which is a common weakness in software security.

CVE-2023-0785 - LOW Severity | CVSS 3.7

Vulnerability Description

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2021-34782

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid ...

CWE-2022021

CVE-2021-4159

MEDIUM

CVSS:4.4(Medium)

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to...

CWE-2022021

CVE-2023-1625

MEDIUM

CVSS:5.0(Medium)

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. ...

CWE-2022023

CVE-2023-20215

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a ne...

CWE-2022023

CVE-2024-20388

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. ...

CWE-2022024

CVE-2024-38895

MEDIUM

CVSS:5.3(Medium)

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.

CWE-2022024