CVE-2022-36687 : Ingredients Stock Management System v1.0 was discovered to contain an arbitrary

Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.

Published 2022-08-29 14:15:13

Updated 2022-09-01 06:33:39

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-36687

Ingredient Stock Management System Project » Ingredient Stock Management System » Version: 1.0
cpe:2.3:a:ingredient_stock_management_system_project:ingredient_stock_management_system:1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-36687

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 34 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-36687

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H	1.2	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2022-36687

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-36687

https://github.com/k0xx11/vul-wiki/blob/master/vendors/oretnom23/ingredients-stock-management-system/delet-file-1.md

vul-wiki/delet-file-1.md at master · k0xx11/vul-wiki · GitHub
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-36687

Products affected by CVE-2022-36687

Exploit prediction scoring system (EPSS) score for CVE-2022-36687

CVSS scores for CVE-2022-36687

CWE ids for CVE-2022-36687

References for CVE-2022-36687