CVE-2022-4232
SourceCodester Event Registration System unrestricted upload
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.
Una vulnerabilidad fue encontrada en SourceCodester Event Registration System 1.0 y clasificada como crítica. Una función desconocida es afectada por esta función. La manipulación del argumento cmd conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. VDB-214590 es el identificador asignado a esta vulnerabilidad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-11-30 CVE Reserved
- 2022-11-30 CVE Published
- 2024-06-22 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.214590 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rinvizle Search vendor "Rinvizle" | Event Registration System Search vendor "Rinvizle" for product "Event Registration System" | 1.0 Search vendor "Rinvizle" for product "Event Registration System" and version "1.0" | - |
Affected
| ||||||