PT-2022-20074 · Unknown · Air Cargo Management System

K0Xx11 · Published 2022-05-13 · Updated 2022-05-23 · CVE-2022-30367

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Air Cargo Management System version 1.0

Description: The issue allows file deletion via the "/acms/classes/Master.php?f=delete_img" API endpoint. This could lead to data loss or system disruption.

Recommendations: For Air Cargo Management System version 1.0, consider restricting access to the delete_img function in the Master.php file to prevent unauthorized file deletion. As a temporary workaround, disabling the delete_img function until a patch is available can help minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2022-30367

Affected Products: Air Cargo Management System