Vulnerability Details : CVE-2022-42197
In Simple Exam Reviewer Management System v1.0, the User List function has improper access control that allows low-privileged users to modify user permissions to higher privileges.
Products affected by CVE-2022-42197
- Simple Exam Reviewer Management System Project » Simple Exam Reviewer Management System » Version: 1.0
  cpe:2.3:a:simple_exam_reviewer_management_system_project:simple_exam_reviewer_management_system:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-42197
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 24%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-42197
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2022-42197
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-42197
- https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html
  Simple Exam Reviewer Management System in PHP/OOP Free Source Code | Free Source Code Projects and Tutorials (Product)
- https://github.com/ciph0x01/Simple-Exam-Reviewer-Management-System-CVE/blob/main/CVE-2022-42197.md
  Simple-Exam-Reviewer-Management-System-CVE/CVE-2022-42197.md at main · ciph0x01/Simple-Exam-Reviewer-Management-System-CVE · GitHub (Exploit; Third Party Advisory)