CVE-2022-4232

CWE-266 CWE-434 — Unrestricted File Upload CWE-284 — Improper Access Control3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 45.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Event Registration System Rinvizle Event Registration System

Timeline

PublishedNov 30

Description

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/event_registration_system1.0

▶NVDrinvizle/event_registration_system1.0

🔴Vulnerability Details

GHSA

GHSA-phxq-3m6p-p9q4: A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1↗2022-11-30

▶

CVEList

SourceCodester Event Registration System unrestricted upload↗2022-11-30

▶