SourceCodester Book Store Management System 1.0 /bsms_ci/index.php access control
A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. It affects unknown code in the file /bsms_ci/index.php. The manipulation leads to improper access controls; the weakness is classified as CWE-284 (Improper Access Control). It was presented on 11/30/2022 by Ngo Van Tu and Huynh Nhat Hao of CMC TSSG, and the advisory is available for download at github.com. The vulnerability has been assigned CVE-2022-4229. The attack can be initiated remotely. Technical details are available, and an exploit has been disclosed to the public and may be used. The current price for an exploit is estimated at approximately USD $0-$5k. The MITRE ATT&CK project classifies the attack technique as T1068. The exploit is rated as proof-of-concept and can be downloaded at github.com. As a 0-day, the estimated underground price was around $0-$5k. A possible mitigation was published before, not after, the disclosure of the vulnerability.