CVE-2023-2239: 
PHP vulnerability analysis and mitigation

CVE-2023-2239 is a vulnerability discovered in the Microweber content management system affecting versions prior to 1.3.4. The vulnerability was identified as an exposure of private personal information to an unauthorized actor, with the initial disclosure date being April 22, 2023 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, and requiring low privileges. An alternative assessment by huntr.dev rated it slightly higher at 7.1 (HIGH) with the vector string CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N (NVD).

The vulnerability allows unauthorized actors to access private personal information stored in the system. The high confidentiality impact rating in the CVSS score indicates that the exposure could result in significant disclosure of sensitive data (NVD).

The vulnerability has been patched in Microweber version 1.3.4. Users are advised to upgrade to this version or later to mitigate the risk. A fix was implemented through a commit that updated the User model (GitHub Patch).