CVE-2023-4478

HIGH Year: 2023
CVSS v3 Score
8.2
High
Weakness Type
CWE-74
View all →

Vulnerability Description

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.

Related Vulnerabilities

CVE-2016-2204

HIGH
CVSS:8.2(High)

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.

CWE-742016

CVE-2021-21381

HIGH
CVSS:8.2(High)

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwardi...

CWE-742021

CVE-2021-40143

HIGH
CVSS:8.2(High)

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external r...

CWE-742021

CVE-2013-2678

HIGH
CVSS:8.1(High)

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted ...

CWE-742013

CVE-2013-3212

HIGH
CVSS:8.1(High)

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.

CWE-742013

CVE-2015-4075

HIGH
CVSS:8.1(High)

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.

CWE-742015