Vulnerability Bulletins

MSA-23-0003: Possible to set the preferred "start page" of other users

System information

Affected software PHP


by Michael Hawkins. Insufficient limitations on the "start page" preference made it possible to set that preference for another user. (Note: This was still limited to the pre-defined start page options)Severity/Risk:MinorVersions affected:4.1, 4.0 to 4.0.5, 3.11 to 3.11.11, 3.9 to 3.9.18 and earlier unsupported versionsVersions fixed:4.1.1, 4.0.6, 3.11.12 and 3.9.19Reported by:Paul HoldenCVE identifier:CVE-2023-23923Changes

More info:

Standar resources

Property Value
CVE CVE-2023-23923.

Version history

Version Comments Date
1.0 Advisory issued 2023-01-29
Ministerio de Defensa