From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability ID: CVE-2023-27195
2. Vulnerability Description: An access control issue exists in Trimble TM4Web v22.2.0, allowing unauthorized attackers to retrieve the last registered access code via a specially crafted URL path, and then use this code to register a valid account. If the access code is used to create an administrator account, the attacker can also register a new administrator account with full privileges and permissions.
3. Vulnerability Type: Access Control Bypass
4. Affected Product: Trimble TM4Web v22.2.0
5. Affected Component: User registration process
6. Attack Type: Remote
7. Impact: Privilege Escalation / Authentication Bypass
8. Attack Vector:
   - Retrieve the last access code
   - Send a PUT request to create a new user account using the previously obtained access code
9. Exploit Code:
   - GET Request:
   - PUT Request:
   - Example Request Parameters:
10. Discoverer: Clément Cruchet
11. Reference Links:
   - Official Website: https://transportation.trimble.com/products/TM4Web
   - Full Disclosure Mailing List: https://nmap.org/mailman/listinfo/fulldisclosure
   - Web Archive and RSS: https://seclists.org/fulldisclosure/

This information provides a detailed description of the vulnerability’s nature, scope of impact, and exploitation method, which is crucial for security researchers and developers.
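For defenders, the two-step sequence in the attack vector (an unauthenticated access-code lookup, then an account-creating PUT) can be correlated in web server access logs. The following is an added example, not code from the advisory or from Trimble. It assumes combined-format logs; the two paths are labelled placeholders because the summary does not give the real ones, and the 10-minute window is an assumed value.

```python
import re
from datetime import datetime, timedelta

# Placeholders: the summary above does not state the real request paths.
CODE_PATH = "/PLACEHOLDER/access-code"    # assumed path of the access-code lookup
REGISTER_PATH = "/PLACEHOLDER/register"   # assumed path of the account-creation PUT
WINDOW = timedelta(minutes=10)            # assumed correlation window

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse(line):
    """Parse one combined-log line; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], m["user"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def find_suspect_registrations(lines):
    """Return (ip, lookup_time, put_time) for each unauthenticated code lookup
    followed within WINDOW by a successful registration PUT from the same client."""
    last_lookup = {}  # ip -> time of the latest unauthenticated 2xx lookup
    hits = []
    for rec in filter(None, map(parse, lines)):
        ip, user, ts, method, path, status = rec
        ok = 200 <= status < 300
        if method == "GET" and path == CODE_PATH and user == "-" and ok:
            last_lookup[ip] = ts
        elif method == "PUT" and path == REGISTER_PATH and ok:
            seen = last_lookup.pop(ip, None)
            if seen is not None and timedelta(0) <= ts - seen <= WINDOW:
                hits.append((ip, seen, ts))
    return hits

# Constructed sample log lines for the demonstration, not from a real system.
SAMPLE = [
    '203.0.113.7 - - [02/Mar/2023:10:00:01 +0000] "GET /PLACEHOLDER/access-code HTTP/1.1" 200 48',
    '203.0.113.7 - - [02/Mar/2023:10:00:09 +0000] "PUT /PLACEHOLDER/register HTTP/1.1" 201 17',
    '198.51.100.4 - alice [02/Mar/2023:10:00:30 +0000] "GET /PLACEHOLDER/access-code HTTP/1.1" 200 48',
    '198.51.100.4 - alice [02/Mar/2023:10:00:40 +0000] "PUT /PLACEHOLDER/register HTTP/1.1" 201 17',
    '192.0.2.9 - - [02/Mar/2023:10:05:00 +0000] "GET /PLACEHOLDER/access-code HTTP/1.1" 200 48',
    '192.0.2.9 - - [02/Mar/2023:10:30:00 +0000] "PUT /PLACEHOLDER/register HTTP/1.1" 201 17',
]

if __name__ == "__main__":
    for ip, looked_up, registered in find_suspect_registrations(SAMPLE):
        print(f"{ip}: lookup {looked_up.isoformat()} -> PUT {registered.isoformat()}")
```

Keying on client IP misses a sequence split across addresses, so any hit should be confirmed against the application's list of recently created accounts, administrator accounts in particular.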