Headline

CVE-2023-29192: Users with access to the game upload panel are able to edit download links for games uploaded by other developers

SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.

1 year ago

CVE

Open in Source

#vulnerability #git #php

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

- For
- Enterprise
- Teams
- Startups
- Education
- By Solution
- CI/CD & Automation
- DevOps
- DevSecOps
- Case Studies
- Customer Stories
- Resources
- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

Pricing
Notifications
Fork 0
Code
Issues 62
Pull requests
Discussions
Actions
Projects
Security
Insights

Low

mesosoi published GHSA-m6h6-wph7-498f

Apr 8, 2023

Package

product.php (SilverwareGames.io)

Affected versions

< 1.2.19

Description

Users with access to the game upload panel were able to edit download links for games uploaded by other developers. There’s no sign that such a vulnerability has been exploited by anyone. This has been fixed in version 1.2.19 and does not require any interaction from our users.

Severity

CVSS base metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Weaknesses