PT-2022-17061 · Unknown · Home Owners Collection Management System

Vivek Panday

Published

2022-03-02

Updated

2022-03-09

CVE-2022-25045

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Home Owners Collection Management System version 1.0

Description The issue concerns hardcoded credentials in the system, which allows attackers to escalate privileges and access the admin panel.

Recommendations For Home Owners Collection Management System version 1.0, consider removing or modifying the hardcoded credentials to prevent privilege escalation. As a temporary workaround, restrict access to the admin panel until the hardcoded credentials issue is resolved. Avoid using the system with the current credentials until a secure update or patch is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2022-25045

Affected Products

Home Owners Collection Management System

PT-2022-17061 · Unknown · Home Owners Collection Management System

CVE-2022-25045

Weakness Enumeration

Related Identifiers

Affected Products

References · 6