Incorrect Access Control in OcoMon by OcoMon PHP
CVE-2022-40798

7.5HIGH

Key Information:

Vendor
Ocomon Project
Status
Ocomon
Vendor
CVE Published:
19 October 2022

Summary

The OcoMon 4.0RC1 software is susceptible to an Incorrect Access Control issue, which allows malicious users to exploit a flaw in the system. By crafting a specific request, attackers can retrieve genuine email addresses linked to user accounts. If they proceed to send additional requests using the compromised email, they can successfully take over the targeted account. This vulnerability emphasizes the importance of implementing proper access control mechanisms to protect user data and prevent unauthorized access.

References

https://ocomonphp.sourceforge.io/
https://gist.github.com/ninj4c0d3r/89bdd6702bf00d768302f5...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-40798 : Incorrect Access Control in OcoMon by OcoMon PHP | SecurityVulnerability.io