CVE-2022-3496

A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.210785	Permissions Required Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*

History

26 Dec 2023, 19:56

Type	Values Removed	Values Added
First Time		Oretnom23 human Resource Management System Oretnom23
CPE	cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:::::::*	cpe:2.3:a:oretnom23:human_resource_management_system:1.0:::::::*

Information

Published : 2022-10-14 07:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-3496

Mitre link : CVE-2022-3496

CVE.ORG link : CVE-2022-3496

JSON object : View

Products Affected

oretnom23

human_resource_management_system

CWE

NVD-CWE-Other CWE-266

Incorrect Privilege Assignment

{"id": "CVE-2022-3496", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2022-10-14T07:15:09.277", "references": [{"url": "https://vuldb.com/?id.210785", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en SourceCodester Human Resource Management System versi\u00f3n 1.0 y ha sido clasificada como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo employeeadd.php del componente Admin Panel. La manipulaci\u00f3n conlleva a un control de acceso inapropiado. El ataque puede ser iniciado de forma remota. El identificador VDB-210785 ha sido asignado a esta vulnerabilidad"}], "lastModified": "2024-01-25T21:44:39.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}