Lucene search

VulDBCVELIST:CVE-2022-4229

HistoryNov 30, 2022 - 12:00 a.m.

CVE-2022-4229 SourceCodester Book Store Management System index.php access control

2022-11-3000:00:00

CWE-284

VulDB

www.cve.org

sourcecodester book store management system

critical vulnerability

remote access

index.php

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.

CNA Affected

[
  {
    "vendor": "SourceCodester",
    "product": "Book Store Management System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/broken-access-control

vuldb.com/?ctiid.214588

vuldb.com/?id.214588

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

Related for CVELIST:CVE-2022-4229