CVE-2022-42197

Published: Oct 20, 2022Modified: May 8, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.

Affected (1)

Products: Simple Exam Reviewer Management System Project: Simple Exam Reviewer Management System

Simple Exam Reviewer Management System Project

1 product

Simple Exam Reviewer Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System	Version 1.0

Related CWEs

CWE-425

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (4)

https://github.com/ciph0x01/Simple-Exam-Reviewer-Management-System-CVE/blob/main/CVE-2022-42197.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html

Source: cve@mitre.org

Product

https://github.com/ciph0x01/Simple-Exam-Reviewer-Management-System-CVE/blob/main/CVE-2022-42197.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.