{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T05:53:35.959","vulnerabilities":[{"cve":{"id":"CVE-2023-48392","sourceIdentifier":"twcert@cert.org.tw","published":"2023-12-15T10:15:07.590","lastModified":"2024-11-21T08:31:37.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information."},{"lang":"es","value":"Kaifa Technology WebITR es un sistema de asistencia en línea, tiene una vulnerabilidad al usar una clave de cifrado codificada. Un atacante remoto no autenticado puede generar un parámetro de token válido y aprovechar esta vulnerabilidad para acceder al sistema con una cuenta de usuario arbitraria, incluida la cuenta de administrador, para ejecutar los permisos de la cuenta de inicio de sesión y obtener información relevante."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kaifa:webitr_attendance_system:2.1.0.23:*:*:*:*:*:*:*","matchCriteriaId":"0B300C11-0A7F-409F-9D3C-3CE08E366D75"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7622-57e5f-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7622-57e5f-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}