CVE-2022-4273

A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.214769	Permissions Required Third Party Advisory VDB Entry
https://github.com/leecybersec/bug-report/tree/main/sourcecodester/oretnom23/hrm/bypass-fileupload-rce	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*

History

26 Dec 2023, 19:56

Type	Values Removed	Values Added
First Time		Oretnom23 human Resource Management System Oretnom23
CPE	cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:::::::*	cpe:2.3:a:oretnom23:human_resource_management_system:1.0:::::::*

Information

Published : 2022-12-03 09:15

Updated : 2024-01-25 21:40

NVD link : CVE-2022-4273

Mitre link : CVE-2022-4273

JSON object : View

Products Affected

oretnom23

human_resource_management_system

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

9.8 /10