CVE-2022-25402 — Incorrect Authorization in Management System Project Hospital Management System
Severity
9.1CRITICALNVD
EPSS
0.5%
top 32.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 24
Latest updateFeb 25
Description
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2