Lucene search

@huntrdevCVELIST:CVE-2022-1225

HistoryApr 04, 2022 - 10:50 a.m.

CVE-2022-1225 Incorrect Privilege Assignment in phpipam/phpipam

2022-04-0410:50:11

CWE-266

@huntrdev

www.cve.org

cve-2022-1225

incorrect privilege assignment

phpipam.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

30.4%

JSON

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.

CNA Affected

[
  {
    "product": "phpipam/phpipam",
    "vendor": "phpipam",
    "versions": [
      {
        "lessThan": "1.4.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953

huntr.dev/bounties/49b44cfa-d142-4d79-b529-7805507169d2

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

30.4%

JSON

Related for CVELIST:CVE-2022-1225