CVE-2022-46890 : Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is

Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).

Published 2023-01-19 19:15:11

Updated 2023-01-25 19:42:31

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-46890

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 33 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-46890

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2022-46890

https://github.com/xiaomlove/nexusphp/releases/tag/v1.7.33

Release v1.7.33 · xiaomlove/nexusphp · GitHub
Release Notes;Third Party Advisory

CVEs referencing this url
https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities

NexusPHP - SureCloud Security Review Identifies Authenticated and Unauthenticated Vulnerabilities
Exploit;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2022-46890

Nexusphp » Nexusphp
Versions before (<) 1.7.33
cpe:2.3:a:nexusphp:nexusphp:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-46890

Exploit prediction scoring system (EPSS) score for CVE-2022-46890

CVSS scores for CVE-2022-46890

References for CVE-2022-46890

Products affected by CVE-2022-46890