MidnightBSD

Advisories for finexmedia

CVE-2023-2702

Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.This issue affects Competition Management System: before 23.07.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@usom.gov.tr 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
finexmedia competition_management_system *
CVE-2023-2703

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@usom.gov.tr 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
finexmedia competition_management_system *