CVE-2021-44582

Опубликовано: 10 июн. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.

Ссылки

https://github.com/warmachine-57/CVE-2021-44582/blob/main/Privilege%20Escalation%20via%20Forced%20Browsing%20in%20Sourcecodester%20Money%20Transfer%20Management%20System
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html
Product
Third Party Advisory
https://github.com/warmachine-57/CVE-2021-44582/blob/main/Privilege%20Escalation%20via%20Forced%20Browsing%20in%20Sourcecodester%20Money%20Transfer%20Management%20System
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:money_transfer_management_system_project:money_transfer_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.0025

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-m62q-gfwg-6w9f