Lucene search
TR-CERTCVE-2022-2808HistoryDec 12, 2022 - 1:49 a.m.
CVE-2022-2808
2022-12-1201:49:10
CWE-639
TR-CERT
web.nvd.nist.gov
38
cve
2022
authorization bypass
user-controlled key
algan software
prens student information system
object relational mapping
injection
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
32.8%
Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11.
Affected configurations
Node
alganprens_student_information_systemRange<2.1.11
| Vendor | Product | Version | CPE |
|---|---|---|---|
| algan | prens_student_information_system | * | cpe:2.3:a:algan:prens_student_information_system:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Prens Student Information System",
"vendor": "Algan Software",
"versions": [
{
"lessThan": "2.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Authorization
2022-12-02 12:15:00
nvd
nvd
CVE-2022-2808
2022-12-02 12:15:09
cvelist
cvelist
CVE-2022-2808 IDOR in Prens Student Information System
2022-12-12 01:49:10
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
32.8%
Related for CVE-2022-2808