Incorrect Access Control in OcoMon by OcoMon PHP
CVE-2022-40798

7.5HIGH

Key Information:

Vendor: Ocomon Project
Status: Ocomon
Vendor: CVE Published:; 19 October 2022

🔔 Create Ocomon Project Vulnerability Alert

What is CVE-2022-40798?

The OcoMon 4.0RC1 software is susceptible to an Incorrect Access Control issue, which allows malicious users to exploit a flaw in the system. By crafting a specific request, attackers can retrieve genuine email addresses linked to user accounts. If they proceed to send additional requests using the compromised email, they can successfully take over the targeted account. This vulnerability emphasizes the importance of implementing proper access control mechanisms to protect user data and prevent unauthorized access.

References

https://ocomonphp.sourceforge.io/

https://gist.github.com/ninj4c0d3r/89bdd6702bf00d768302f5...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Sep 19, 2022