PT-2022-17265 · Hms · Hms
Published: 2022-02-23 · Updated: 2023-08-08 · CVE-2022-25402
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
HMS version 1.0
Description
An issue with access control in HMS allows unauthenticated attackers to read and modify all PHP files.
Recommendations
For HMS version 1.0, consider restricting access to PHP files until a fix is available. As a temporary workaround, review and secure access controls to prevent unauthorized modifications.
Affected Products
Hms