Lucene search

[email protected]NVD:CVE-2022-38813

HistoryNov 25, 2022 - 5:15 p.m.

CVE-2022-38813

2022-11-2517:15:10

CWE-668

[email protected]

web.nvd.nist.gov

phpgurukul

blood donor management

access control

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

58.9%

JSON

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.

Affected configurations

Nvd

Node

phpgurukul_blood_donor_management_system_projectphpgurukul_blood_donor_management_systemMatch1.0

VendorProductVersionCPE
phpgurukul_blood_donor_management_system_projectphpgurukul_blood_donor_management_system1.0cpe:2.3:a:phpgurukul_blood_donor_management_system_project:phpgurukul_blood_donor_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpgurukul_blood_donor_management_system_project	phpgurukul_blood_donor_management_system	1.0	cpe:2.3:a:phpgurukul_blood_donor_management_system_project:phpgurukul_blood_donor_management_system:1.0:::::::*

References

drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing

github.com/RashidKhanPathan/CVE-2022-38813

ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0

phpgurukul.com/blood-donor-management-system-using-codeigniter

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

58.9%

JSON

Related for NVD:CVE-2022-38813

prion1 githubexploit1 cve1 cvelist1