CVE Vulnerability

CVE-2022-3774

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://vuldb.com/?id.212504 Third Party Advisory
https://github.com/rohit0x5/poc/blob/main/idor Broken Link Third Party Advisory
http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:train_scheduler_app_project:train_scheduler_app:1.0:*:*:*:*:*:*:*
Information

Published : 2022-10-31 04:15

Updated : 2022-11-01 04:27

NVD link : CVE-2022-3774

Mitre link : CVE-2022-3774

Products Affected
No products.
CWE
CWE-99