Description

A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.

Related CPE's

a

little-apps

little_software_stats

Vulnerable

References

https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e

PatchThird Party Advisory

https://github.com/little-apps/little-software-stats/releases/tag/v0.2

Release NotesThird Party Advisory

https://vuldb.com/?ctiid.218401

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.218401

Permissions RequiredThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-284

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-16T19:15:10.143

2 years ago

Last modified

2024-05-17T01:03:02.997

1 year ago