exploitDog

CVE-2022-24982

Опубликовано: 16 фев. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials.

Ссылки

https://JQueryForm.com
Vendor Advisory
https://gist.github.com/pb-nsi/4d0a1ede76d4e97083b3435f820bf560
Third Party Advisory
https://www.nou-systems.com/cyber-security
Third Party Advisory
https://JQueryForm.com
Vendor Advisory
https://gist.github.com/pb-nsi/4d0a1ede76d4e97083b3435f820bf560
Third Party Advisory
https://www.nou-systems.com/cyber-security
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jqueryform:jqueryform:*:*:*:*:*:*:*:*

Версия до 2022-02-05 (исключая)

EPSS

Процентиль: 49%

0.00257

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-36xf-46cq-66rf

github

почти 4 года назад

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials.

EPSS

Процентиль: 49%

0.00257

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-522