CVE-2023-40829: POC introduction
There is an unauthorized interface access vulnerability in the admin backend of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000.
⬤ The cveform.mitre.org “Vulnerability Type” field was set to: Incorrect Access Control
⬤ The cveform.mitre.org “Affected Component” field was set to: Sensitive information can lead to the full amount of enterprise wechat data being obtained, file acquisition, and the use of enterprise wechat light application to send phishing files and links to internal forces
⬤ The cveform.mitre.org “Attack Type” field was set to: Remote
⬤ The cveform.mitre.org “Impact Information Disclosure” field was set to: true
⬤ The cveform.mitre.org “Attack Vectors” field was set to: POC:XXX.com/cgi-bin/gateway/agentinfo
⬤ The cveform.mitre.org “Discoverer” field was set to: eziyu
⬤ The cveform.mitre.org “Reference” field was set to: http://enterprise.com http://tencent.com
⬤ The cveform.mitre.org “Vendor of Product” field was set to: tencent
⬤ The cveform.mitre.org “Affected Product Code Base” field was set to: Enterprise wechat Privatized enterprise wechat
⬤ The cveform.mitre.org “Suggested description” field was set to: There is an interface unauthorized access vulnerability in the background of Enterprise Wechat Privatization 2.5.x and 2.6.930000
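
A log check for the endpoint named in the “Attack Vectors” field, added here as an example (it is not part of the original advisory or any vendor code): it reports clients outside trusted networks that received a successful response from that path. The combined access-log format, the trusted network ranges and the sample log lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

# Path taken from the advisory's "Attack Vectors" field.
SENSITIVE_PATH = "/cgi-bin/gateway/agentinfo"
# Assumption: admin-backend traffic is expected only from these networks.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Assumption: reverse proxy writes nginx/Apache "combined" access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

def normalize_path(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()

def find_exposure(lines):
    """Return {client_ip: [(timestamp, status), ...]} for 2xx hits from untrusted clients."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # first field is a hostname or malformed; skipped here
        trusted = any(ip in net for net in TRUSTED_NETS)
        if m["status"].startswith("2") and not trusted:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Sep/2023:10:01:02 +0000] "GET /cgi-bin/gateway/agentinfo HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Sep/2023:10:01:09 +0000] "GET /CGI-BIN/gateway/agentinfo/?t=1 HTTP/1.1" 200 512 "-" "-"',
    '10.1.2.3 - - [12/Sep/2023:10:02:00 +0000] "GET /cgi-bin/gateway/agentinfo HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.20 - - [12/Sep/2023:10:03:00 +0000] "GET /cgi-bin/gateway/agentinfo HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.20 - - [12/Sep/2023:10:03:05 +0000] "GET /index.html HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for client, events in find_exposure(SAMPLE_LOG).items():
        print(client, events)
```

Any client this reports received a successful response from the endpoint while outside the trusted ranges, so the matching requests are the ones to review first when checking whether an affected 2.5.x or 2.6.930000 deployment was accessed.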