CVE-2022-2578 — Improper Access Control in Garage Management System

CWE-284 — Improper Access Control3 documents3 sources

Severity

9.8CRITICALNVD

CNA6.3

EPSS

0.3%

top 44.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Garage Management System Garage Management System Project Garage Management System

Timeline

PublishedJul 29

Latest updateJul 30

Description

A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sourcecodester/garage_management_system1.0

▶NVDgarage_management_system_project/garage_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-73c5-q6c6-4qqm: A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1↗2022-07-30

▶

CVEList

SourceCodester Garage Management System createUser.php access control↗2022-07-29

▶