OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover.
References
Link | Resource |
---|---|
https://gist.github.com/ninj4c0d3r/89bdd6702bf00d768302f5e0e5bb8adc | Exploit Third Party Advisory |
https://ocomonphp.sourceforge.io/ | Product Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Oct 2022, 20:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ocomon Project ocomon
Ocomon Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:ocomon_project:ocomon:*:*:*:*:*:*:*:* cpe:2.3:a:ocomon_project:ocomon:4.0:-:*:*:*:*:*:* cpe:2.3:a:ocomon_project:ocomon:4.0:rc1:*:*:*:*:*:* |
|
References | (MISC) https://ocomonphp.sourceforge.io/ - Product, Third Party Advisory | |
References | (MISC) https://gist.github.com/ninj4c0d3r/89bdd6702bf00d768302f5e0e5bb8adc - Exploit, Third Party Advisory |
19 Oct 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-19 02:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-40798
Mitre link : CVE-2022-40798
CVE.ORG link : CVE-2022-40798
JSON object : View
Products Affected
ocomon_project
- ocomon
CWE