CVE-2023-3304

Description

Admidio prior to 4.2.9 is vulnerable to Improper Access Control.

How to fix CVE-2023-3304

To remediate CVE-2023-3304, upgrade the affected package to a fixed version below.

• Packagist/admidio/admidio—upgrade to 4.2.9 or later

Is CVE-2023-3304 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.2.9

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-3304
• PATCHgithub.com/admidio/admidio
• WEBgithub.com/admidio/admidio/commit/3b248b7d5e0e60a00ee2f9a6908d538d62a5837f
• WEBhuntr.dev/bounties/721fae61-3c8c-4e4b-8407-64321bc0ed17