Lucene search

[email protected]CVE-2022-46890

HistoryJan 19, 2023 - 7:15 p.m.

CVE-2022-46890

2023-01-1919:15:11

[email protected]

web.nvd.nist.gov

nexusphp

cve-2022-46890

access control

vulnerability

forum

security

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).

Affected configurations

NVD

Node

nexusphpnexusphpRange<1.7.33

References

github.com/xiaomlove/nexusphp/releases/tag/v1.7.33

www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

Related for CVE-2022-46890

osv1 prion1 nvd1 cvelist1