CVE-2022-3585
SourceCodester Simple Cold Storage Management System Contact Us cross-site request forgery
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability.
Se ha encontrado una vulnerabilidad clasificada como problemática en SourceCodester Simple Cold Storage Management System versión 1.0. Está afectada una función desconocida del archivo /csms/?page=contact_us del componente Contact Us. La manipulación conlleva a un ataque de tipo cross-site request forgery. Es posible lanzar el ataque de forma remota. La explotación ha sido divulgada al público y puede ser usada. VDB-211194 es el identificador asignado a esta vulnerabilidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-18 CVE Reserved
- 2022-10-18 CVE Published
- 2024-05-10 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-863: Incorrect Authorization
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.211194 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/souravkr529/CSRF-in-Cold-Storage-Management-System/blob/main/PoC | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oretnom23 Search vendor "Oretnom23" | Simple Cold Storage Management System Search vendor "Oretnom23" for product "Simple Cold Storage Management System" | 1.0 Search vendor "Oretnom23" for product "Simple Cold Storage Management System" and version "1.0" | - |
Affected
| ||||||