CVE-2022-39179 (GCVE-0-2022-39179)

Vulnerability from cvelistv5 – Published: 2022-11-17 22:27 – Updated: 2025-04-28 18:14
VLAI?
Summary
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file.
Severity ?
7.2 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • Authenticated remote code execution
Assigner
References
Impacted products
Vendor Product Version
College Management College Management System v1.0 Affected: All versions , < Upgrade to the latest version. (git)
Create a notification for this product.
Credits
Liav Gutman
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:42.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T18:14:02.645768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-89",
                "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T18:14:25.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "College Management System v1.0",
          "vendor": "College Management",
          "versions": [
            {
              "lessThan": " Upgrade to the latest version.",
              "status": "affected",
              "version": "All versions",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Liav Gutman"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCollege Management System v1.0 - Authenticated remote code execution.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.php file that contains malicious code via student.php file.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nCollege Management System v1.0 - Authenticated remote code execution.\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\n.php file that contains malicious code via student.php file.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authenticated remote code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-25T13:18:21.458Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
        }
      ],
      "source": {
        "advisory": "ILVN-2022-0060",
        "discovery": "UNKNOWN"
      },
      "title": "College Management System v1.0 - Authenticated remote code execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2022-39179",
    "datePublished": "2022-11-17T22:27:55.603Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-28T18:14:25.817Z",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:college_management_system_project:college_management_system:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ADB4C9F-1230-4F3E-9E79-15F80FE25866\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nCollege Management System v1.0 - Authenticated remote code execution.\\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\\n.php file that contains malicious code via student.php file.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"College Management System v1.0: ejecuci\\u00f3n remota de c\\u00f3digo autenticado. Un usuario administrador (la autenticaci\\u00f3n se puede omitir mediante la inyecci\\u00f3n SQL que mencion\\u00e9 en mi otro informe) puede cargar un archivo .php que contenga c\\u00f3digo malicioso a trav\\u00e9s del archivo Student.php.\"}]",
      "id": "CVE-2022-39179",
      "lastModified": "2024-11-21T07:17:43.663",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@cyber.gov.il\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
      "published": "2022-11-17T23:15:18.490",
      "references": "[{\"url\": \"https://www.gov.il/en/Departments/faq/cve_advisories\", \"source\": \"cna@cyber.gov.il\"}, {\"url\": \"https://www.gov.il/en/Departments/faq/cve_advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cna@cyber.gov.il",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-39179\",\"sourceIdentifier\":\"cna@cyber.gov.il\",\"published\":\"2022-11-17T23:15:18.490\",\"lastModified\":\"2025-04-28T19:15:45.357\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nCollege Management System v1.0 - Authenticated remote code execution.\\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\\n.php file that contains malicious code via student.php file.\\n\\n\"},{\"lang\":\"es\",\"value\":\"College Management System v1.0: ejecuci\u00f3n remota de c\u00f3digo autenticado. Un usuario administrador (la autenticaci\u00f3n se puede omitir mediante la inyecci\u00f3n SQL que mencion\u00e9 en mi otro informe) puede cargar un archivo .php que contenga c\u00f3digo malicioso a trav\u00e9s del archivo Student.php.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@cyber.gov.il\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:college_management_system_project:college_management_system:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ADB4C9F-1230-4F3E-9E79-15F80FE25866\"}]}]}],\"references\":[{\"url\":\"https://www.gov.il/en/Departments/faq/cve_advisories\",\"source\":\"cna@cyber.gov.il\"},{\"url\":\"https://www.gov.il/en/Departments/faq/cve_advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.gov.il/en/Departments/faq/cve_advisories\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:00:42.476Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-39179\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-28T18:14:02.645768Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-28T18:14:13.275Z\"}}], \"cna\": {\"title\": \"College Management System v1.0 - Authenticated remote code execution\", \"source\": {\"advisory\": \"ILVN-2022-0060\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Liav Gutman\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"College Management\", \"product\": \"College Management System v1.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\", \"lessThan\": \" Upgrade to the latest version.\", \"versionType\": \"git\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.gov.il/en/Departments/faq/cve_advisories\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nCollege Management System v1.0 - Authenticated remote code execution.\\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\\n.php file that contains malicious code via student.php file.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCollege Management System v1.0 - Authenticated remote code execution.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e.php file that contains malicious code via student.php file.\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Authenticated remote code execution\"}]}], \"providerMetadata\": {\"orgId\": \"a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f\", \"shortName\": \"INCD\", \"dateUpdated\": \"2023-10-25T13:18:21.458Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-39179\", \"state\": \"PUBLISHED\", \"serial\": 1, \"dateUpdated\": \"2025-04-28T18:14:25.817Z\", \"dateReserved\": \"2022-09-02T00:00:00.000Z\", \"assignerOrgId\": \"a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f\", \"datePublished\": \"2022-11-17T22:27:55.603Z\", \"assignerShortName\": \"INCD\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.