{"id":"CVE-2023-46754","details":"The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.","modified":"2026-03-14T12:22:49.513181Z","published":"2023-10-26T05:15:26.173Z","references":[{"type":"ADVISORY","url":"https://github.com/obl-ong/admin/releases/tag/v1.1.2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/obl-ong/admin","events":[{"introduced":"0"},{"fixed":"a0dd15f11329737c238bc7cbb0ad13c35c9272e3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.2"}]}},{"type":"GIT","repo":"https://github.com/obl-ong/panel","events":[{"introduced":"0"},{"fixed":"a0dd15f11329737c238bc7cbb0ad13c35c9272e3"}]}],"versions":["v1.0.0","v1.1.0","v1.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46754.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}