Insecure Direct Object Reference in Bus Pass Management System by Sudoninja
CVE-2022-29008

6.5MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Bus Pass Management System
Vendor: CVE Published:; 11 May 2022

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-29008?

An insecure direct object reference (IDOR) vulnerability in the Bus Pass Management System v1.0 allows malicious users to manipulate parameters within requests. By altering the 'viewid' parameter, attackers can gain unauthorized access to sensitive information that is meant to be protected. This vulnerability highlights the importance of proper access controls and input validation mechanisms to safeguard user data and system integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-29008
Created by sudoninja-noob

References

https://www.exploit-db.com/exploits/50263

x_refsource_MISC

https://github.com/sudoninja-noob/CVE-2022-29008/blob/mai...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 21, 2022
👾
Exploit known to exist
May 21, 2022
Vulnerability published
May 11, 2022
Vulnerability Reserved
Apr 11, 2022