SourceCodester Book Store Management System index.php access control
CVE-2022-4229

7.3HIGH

Key Information:

Vendor: Sourcecodester
Status: Book Store Management System
Vendor: CVE Published:; 30 November 2022

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.

Affected Version(s)

Book Store Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-4229 - Proof of Concept

References

https://vuldb.com/?id.214588

vdb-entry

https://vuldb.com/?ctiid.214588

signaturepermissions-required

https://github.com/lithonn/bug-report/tree/main/vendors/o...

exploit

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 30, 2022
👾
Exploit known to exist
Nov 30, 2022
Vulnerability published
Nov 30, 2022
Vulnerability Reserved
Nov 30, 2022

Credit

Ngo Van Tu

Huynh Nhat Hao

leecybersec (VulDB User)