CVE-2022-47130

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-47130
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://portswigger.net/web-security/csrf Technical Description Third Party Advisory
https://xpsec.co/blog/academy-lms-5-10-coupon-csrf Exploit Third Party Advisory
https://www.linkedin.com/in/xvinicius/ Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:creativeitem:academy_lms:*:*:*:*:*:*:*:*
Information

Published : 2023-02-02 17:15

Updated : 2023-02-09 09:07

NVD link : CVE-2022-47130

Mitre link : CVE-2022-47130

JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa
Products Affected

creativeitem

  • academy_lms