Lucene search

TR-CERTCVELIST:CVE-2022-2808

HistoryDec 12, 2022 - 1:49 a.m.

CVE-2022-2808 IDOR in Prens Student Information System

2022-12-1201:49:10

CWE-639

TR-CERT

www.cve.org

idor

prens student information system

authorization bypass

object relational mapping injection

algan software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Prens Student Information System",
    "vendor": "Algan Software",
    "versions": [
      {
        "lessThan": "2.1.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-22-0708

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

Related for CVELIST:CVE-2022-2808