CVE-2022-40089

Published: Sep 22, 2022Modified: May 27, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On.

Affected (1)

Products: Simple College Website Project: Simple College Website

Simple College Website Project

1 product

Simple College Website

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Simple College Website Project Simple College Website	Version 1.0

Related CWEs

CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References (6)

https://gowthamaraj-rajendran.medium.com/simple-college-website-1-0-rfi-cff8d827572e

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html

Source: cve@mitre.org

Product

https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-college-website.zip

Source: cve@mitre.org

Product

https://gowthamaraj-rajendran.medium.com/simple-college-website-1-0-rfi-cff8d827572e

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-college-website.zip

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.