CVE-2022-40036

2023-01-2400:00:00

mitre

www.cve.org

rawchen blog-ssm

sensitive user information

admingetuserlist

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.

References

github.com/rawchen/blog-ssm/issues/5