CVE-2023-6099

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 13, 2023

Updated: May 17, 2024

CWE ID 269

Summary

CVE-2023-6099 is a newly disclosed critical vulnerability affecting the Shenzhen Youkate Industrial Facial Love Cloud Payment System up to version 1.0.55.0.0.1. The issue lies within the Account Handler component and the file /SystemMng.ashx. An attacker can exploit this vulnerability by manipulating the argument operatorRole with the input 00, leading to improper privilege management. This vulnerability can be exploited remotely, and the exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. The vulnerability has been assigned the identifier VDB-245061.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tYoiVu
https://www.cve.org/CVERecord?id=CVE-2023-6099
https://nvd.nist.gov/vuln/detail/CVE-2023-6099

Back to Vulnerability Database

CVE-2023-6099

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations