Lucene search

[email protected]CVE-2024-22922

HistoryJan 25, 2024 - 10:15 p.m.

CVE-2024-22922

2024-01-2522:15:08

CWE-269

[email protected]

web.nvd.nist.gov

cve-2024-22922

projectworlds

vistor management system

php

security vulnerability

privilege escalation

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.4%

JSON

An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php

Affected configurations

NVD

Node

projectworldsvisitor_management_system_in_phpMatch1.0

CPENameOperatorVersion
projectworlds:visitor_management_system_in_phpprojectworlds visitor management system in phpeq1.0

CPE	Name	Operator	Version
projectworlds:visitor_management_system_in_php	projectworlds visitor management system in php	eq	1.0

References

projectworlds.com

visitor.com

github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.4%

JSON

Related for CVE-2024-22922

prion1 cvelist1 nvd1