PT-2023-15122 · Unknown · Revenue Collection System

Published

2023-01-26

Updated

2025-03-31

CVE-2022-46967

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Revenue Collection System version 1.0

Description The issue allows unauthenticated attackers to view the contents of the "/admin/DBbackup/" directory. This is due to an access control problem.

Recommendations For Revenue Collection System version 1.0, restrict access to the "/admin/DBbackup/" directory to prevent unauthenticated viewing of its contents. Consider implementing proper access controls to mitigate this issue.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2022-46967

Affected Products

Revenue Collection System

PT-2023-15122 · Unknown · Revenue Collection System

CVE-2022-46967

Weakness Enumeration

Related Identifiers

Affected Products

References · 6