CVE-2023-46754 Information

Description

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.

Reference

https://github.com/obl-ong/admin/releases/tag/v1.1.2