Lucene search

VulDBCVELIST:CVE-2022-4229

HistoryNov 30, 2022 - 12:00 a.m.

CVE-2022-4229 SourceCodester Book Store Management System index.php access control

2022-11-3000:00:00

CWE-284

VulDB

www.cve.org

sourcecodester book store management system

critical vulnerability

remote access

index.php

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.5%

JSON

A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.

CNA Affected

[
  {
    "vendor": "SourceCodester",
    "product": "Book Store Management System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/broken-access-control

vuldb.com/?ctiid.214588

vuldb.com/?id.214588

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.5%

JSON

Related for CVELIST:CVE-2022-4229