8.8
CVE-2022-42238
- EPSS 0.29%
- Veröffentlicht 11.10.2022 18:15:11
- Zuletzt bearbeitet 20.05.2025 14:15:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginA Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Merchandise Online Store Project ≫ Merchandise Online Store Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.523 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.