Lucene search

MitreCVE-2022-38813

HistoryNov 25, 2022 - 5:15 p.m.

CVE-2022-38813

2022-11-2517:15:10

CWE-668

mitre

web.nvd.nist.gov

cve-2022-38813

phpgurukul

blood donor management system

access control

vulnerability

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

58.9%

JSON

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.

Affected configurations

Nvd

Node

phpgurukul_blood_donor_management_system_projectphpgurukul_blood_donor_management_systemMatch1.0

VendorProductVersionCPE
phpgurukul_blood_donor_management_system_projectphpgurukul_blood_donor_management_system1.0cpe:2.3:a:phpgurukul_blood_donor_management_system_project:phpgurukul_blood_donor_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpgurukul_blood_donor_management_system_project	phpgurukul_blood_donor_management_system	1.0	cpe:2.3:a:phpgurukul_blood_donor_management_system_project:phpgurukul_blood_donor_management_system:1.0:::::::*

References

drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing

github.com/RashidKhanPathan/CVE-2022-38813

ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0

phpgurukul.com/blood-donor-management-system-using-codeigniter

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

58.9%

JSON

Related for CVE-2022-38813