CVE-2023-31923 Information

Description

Suprema BioStar 2 before 2022 Q4 v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with �ser Operator\ privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation which can be exploited to gain full administrator privileges on the system.

Reference

https://nobugescapes.com/blog/creating-a-new-user-with-admin-privilege/