CVE-2022-1248

SAP Information System POST Request add_admin.php improper authentication

CVSS 7.3 HIGHEPSS 1.3%CWE-287

A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Productos afectados

unspecified · SAP Information System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/166609/SAP-Information-System-1.0.0-Missing-Authorization.html https://vuldb.com/?id.196550