exploitDog

CVE-2022-29950

Опубликовано: 04 мая 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed

Ссылки

https://gist.github.com/Voidager88/73c2d512a72cceb0ef84dbf87a497d10
Exploit
Third Party Advisory
https://www.experian.in/hunter
Product
Vendor Advisory
https://gist.github.com/Voidager88/73c2d512a72cceb0ef84dbf87a497d10
Exploit
Third Party Advisory
https://www.experian.in/hunter
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:experian:hunter:1.16:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00167

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-v2qq-489m-745h

CVSS3: 4.3

github

почти 4 года назад

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page.

EPSS

Процентиль: 38%

0.00167

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo