Lucene search
MitreCVE-2022-28607HistoryDec 01, 2022 - 1:15 p.m.
CVE-2022-28607
2022-12-0113:15:10
mitre
web.nvd.nist.gov
32
cve-2022-28607
isic tour booking
sensitive information disclosure
security vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.5
Confidence
High
EPSS
0.002
Percentile
58.8%
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.
Affected configurations
Node
isic.lk_projectisic.lkRange≤2018-02-13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| isic.lk_project | isic.lk | * | cpe:2.3:a:isic.lk_project:isic.lk:*:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2022-28607
2022-12-01 00:00:00
nvd
nvd
CVE-2022-28607
2022-12-01 13:15:10
prion
prion
Information disclosure
2022-12-01 13:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.5
Confidence
High
EPSS
0.002
Percentile
58.8%
Related for CVE-2022-28607