CVE-2022-4232

2022-11-3012:15:10

CWE-266

CWE-434

[email protected]

web.nvd.nist.gov

cve-2022-4232

sourcecodester

event registration system

vulnerability

remote upload

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.

Affected configurations

Vulners

NVD

Node

sourcecodesterrestaurant_management_systemMatch1.0

VendorProductVersionCPE
sourcecodesterrestaurant_management_system1.0cpe:2.3:a:sourcecodester:restaurant_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sourcecodester	restaurant_management_system	1.0	cpe:2.3:a:sourcecodester:restaurant_management_system:1.0:::::::*

CNA Affected

[
  {
    "vendor": "SourceCodester",
    "product": "Event Registration System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]