CVE-2022-3774

Exploit

EPSS 0.5%
Veröffentlicht 31.10.2022 16:15:11
Zuletzt bearbeitet 21.11.2024 07:20:13
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Train Scheduler App Project ≫ Train Scheduler App Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.651

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cna@vuldb.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-99 Improper Control of Resource Identifiers ('Resource Injection')

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.html

Third Party Advisory

Exploit

https://github.com/rohit0x5/poc/blob/main/idor

Third Party Advisory

Broken Link

https://vuldb.com/?id.212504

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3774

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3774

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3774

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3774