SourceCodester Event Registration System 1.0 cmd unrestricted upload

EntryHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. Using CWE to declare the problem leads to CWE-434. The weakness was published 11/30/2022. The advisory is available at vuldb.com. This vulnerability is traded as CVE-2022-4232. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1608.002 by the MITRE ATT&CK project. It is declared as proof-of-concept. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field	11/30/2022 11:55	12/24/2022 18:43	12/24/2022 18:51
vendor	SourceCodester	SourceCodester	SourceCodester
name	Event Registration System	Event Registration System	Event Registration System
version	1.0	1.0	1.0
argument	cmd	cmd	cmd
cwe	434 (unrestricted upload)	434 (unrestricted upload)	434 (unrestricted upload)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
availability	1	1	1
cve	CVE-2022-4232	CVE-2022-4232	CVE-2022-4232
responsible	VulDB	VulDB	VulDB
date	1669762800 (11/30/2022)	1669762800 (11/30/2022)	1669762800 (11/30/2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.8	5.8	5.8
cvss2_vuldb_tempscore	5.0	5.0	5.0
cvss3_vuldb_basescore	4.7	4.7	4.7
cvss3_vuldb_tempscore	4.3	4.3	4.3
cvss3_meta_basescore	4.7	4.7	6.4
cvss3_meta_tempscore	4.3	4.3	6.3
price_0day	$0-$5k	$0-$5k	$0-$5k
url		https://vuldb.com/?id.214590	https://vuldb.com/?id.214590
cve_assigned		1669762800 (11/30/2022)	1669762800 (11/30/2022)
cve_nvd_summary		A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.	A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			H
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			4.7

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!