PT-2022-21975 · Unknown · Barangay Management System

Published

2022-07-19

Updated

2022-07-25

CVE-2022-34024

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Barangay Management System version 1.0

Description The Barangay Management System contains an arbitrary file upload vulnerability. This issue is exploited via the resident module editing function at the "/bmis/pages/resident/resident.php" API endpoint.

Recommendations For Barangay Management System version 1.0, as a temporary workaround, consider disabling the resident module editing function at the "/bmis/pages/resident/resident.php" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-34024

Affected Products

Barangay Management System

PT-2022-21975 · Unknown · Barangay Management System

CVE-2022-34024

Weakness Enumeration

Related Identifiers

Affected Products

References · 4