CVE-2022-2808

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-2808
Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.usom.gov.tr/bildirim/tr-22-0708 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:algan:prens_student_information_system:*:*:*:*:*:*:*:*
History

01 Feb 2024, 18:04

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Algan Software Prens Student Information System permite la inyección de mapeo relacional de objetos. Este problema afecta a Prens Student Information System: antes del 2.1.11.

17 Apr 2023, 08:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.1 		v2 : unknown
v3 : 8.8

16 Apr 2023, 10:15

Type Values Removed Values Added
Summary Algan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11.
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : 7.1

05 Dec 2022, 19:31

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CWE CWE-639
CPE cpe:2.3:a:algan:prens_student_information_system:*:*:*:*:*:*:*:*
First Time Algan
Algan prens Student Information System
References (CONFIRM) https://www.usom.gov.tr/bildirim/tr-22-0708 - (CONFIRM) https://www.usom.gov.tr/bildirim/tr-22-0708 - Third Party Advisory

02 Dec 2022, 13:15

Type Values Removed Values Added
Summary Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. Algan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.

02 Dec 2022, 12:30

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-02 12:15

Updated : 2024-02-01 18:04

NVD link : CVE-2022-2808

Mitre link : CVE-2022-2808

CVE.ORG link : CVE-2022-2808

JSON object : View

Products Affected

algan

  • prens_student_information_system
CWE
CWE-639

Authorization Bypass Through User-Controlled Key