CVE-2023-45503 Information

Description

SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via a crafted payload to the resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints.

Reference

https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing
https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file
