Vulnerability Description
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Record Management System Project | Record Management System | - |
References
- https://drive.google.com/file/d/1Rre498CWp9pWyW9h5ran8GkW6TA2NztC/view?usp=shari (Exploit, Third Party Advisory)
- https://github.com/RashidKhanPathan/CVE-2022-41446 (Exploit, Third Party Advisory)
- https://ihexcoder.wixsite.com/secresearch/post/privilege-escalation-in-teachers- (Broken Link)
- https://phpgurukul.com/teachers-record-management-system-using-codeigniter/ (Product)
FAQ
What is CVE-2022-41446?
CVE-2022-41446 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.
How severe is CVE-2022-41446?
CVE-2022-41446 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-41446?
Check the references section above for vendor advisories and patch information. Affected products include: Record Management System (vendor: Record Management System Project).