CVE-2022-2312 (GCVE-0-2022-2312)

Vulnerability from cvelistv5 – Published: 2022-08-22 15:01 – Updated: 2024-08-03 00:32
Title
Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF
Summary
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF checks in its AJAX actions, allowing attackers to make a logged-in user with a role as low as contributor add, edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting.
Severity
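No CVSS data available in the CNA record. The NVD entry embedded in the record below rates it CVSS 3.1 base score 5.4 (MEDIUM), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.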
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key (listed by the CNA; the NVD entry embedded below keeps only CWE-352 as its primary weakness)
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
Vendor Product Version
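Unknown Student Result or Employee Database Affected: versions before 1.7.5 (custom). The record gives 1.7.5 as both `version` and `lessThan`; the summary and the NVD `versionEndExcluding` value indicate that 1.7.5 itself is not affected.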
Credits
Vinay Varma Mudunuri Krishna Harsha Kondaveeti

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Student Result or Employee Database",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.7.5",
              "status": "affected",
              "version": "1.7.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vinay Varma Mudunuri"
        },
        {
          "lang": "en",
          "value": "Krishna Harsha Kondaveeti"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-22T15:01:18.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Student Result or Employee Database \u003c 1.7.5 - Stored Cross Site Scripting via CSRF",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2312",
          "STATE": "PUBLIC",
          "TITLE": "Student Result or Employee Database \u003c 1.7.5 - Stored Cross Site Scripting via CSRF"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Student Result or Employee Database",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.7.5",
                            "version_value": "1.7.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Vinay Varma Mudunuri"
          },
          {
            "lang": "eng",
            "value": "Krishna Harsha Kondaveeti"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2312",
    "datePublished": "2022-08-22T15:01:18.000Z",
    "dateReserved": "2022-07-05T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:32:09.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-2312",
      "date": "2026-05-25",
      "epss": "0.00083",
      "percentile": "0.24041"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-2312\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2022-08-22T15:15:14.507\",\"lastModified\":\"2024-11-21T07:00:44.867\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting\"},{\"lang\":\"es\",\"value\":\"El plugin Student Result o Employee Database de WordPress versiones anteriores a 1.7.5, no presenta CSRF en sus acciones AJAX, lo que permite a atacantes hacer que un usuario con un rol tan bajo como el de colaborador pueda a\u00f1adir/editar y eliminar estudiantes por medio de ataques de tipo CSRF. Adem\u00e1s, debido a una falta de saneo y escape, tambi\u00e9n podr\u00eda conllevar a un ataque de tipo Cross-Site scripting 
Almacenado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"},{\"lang\":\"en\",\"value\":\"CWE-639\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:student_result_or_employee_database_project:student_result_or_employee_database:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"1.7.5\",\"matchCriteriaId\":\"814545E2-A94F-4A0D-977E-1E50AA8ACBDD\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}







Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

