Lucene search

VulDBCVELIST:CVE-2022-2702

HistoryAug 08, 2022 - 12:26 p.m.

CVE-2022-2702 SourceCodester Company Website CMS Cookie site-settings.php access control

2022-08-0812:26:21

CWE-284

VulDB

www.cve.org

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability.

CNA Affected

[
  {
    "product": "Company Website CMS",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

github.com/Jamison2022/Company-Website-CMS/blob/main/Company%20Website%20CMS-Unauthorized%20Access.md

vuldb.com/?id.205826

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

Related for CVELIST:CVE-2022-2702