PT-2022-26352 · Unknown · Sourcecodester Book Store Management System
Le Thi Huyen My +3 · Published 2022-11-30 · Updated 2024-05-17 · CVE-2022-4228
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SourceCodester Book Store Management System version 1.0
Description
A problematic vulnerability has been found in the SourceCodester Book Store Management System. This issue affects an unknown part of the file /bsms_ci/index.php/user/edit_user/ and allows for information disclosure through the manipulation of the password argument. The attack can be initiated remotely.
Recommendations
For SourceCodester Book Store Management System version 1.0, consider disabling the /bsms_ci/index.php/user/edit_user/ endpoint until a patch is available to prevent exploitation. Restrict access to the password argument in the affected endpoint to minimize the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Information Disclosure
Related Identifiers
Affected Products
Sourcecodester Book Store Management System