CVE-2022-28741 - OpenCVE

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Aenrich	A\+hrd

Configuration 1 [-]

OR	cpe:2.3:a:aenrich:a\+hrd::::::::
	cpe:2.3:a:aenrich:a\+hrd::::::::
	cpe:2.3:a:aenrich:a\+hrd::::::::
	cpe:2.3:a:aenrich:a\+hrd::::::::

References

Link	Resource
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0035/MNDT-2022-0035.md	Third Party Advisory
https://www.aenrich.com.tw	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-09T15:48:42

Updated: 2022-09-09T15:48:42

Reserved: 2022-04-06T00:00:00

Link: CVE-2022-28741

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-09T16:15:08.807

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-28741

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aenrich:a\\+hrd:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BE990FD-3797-407B-AAAF-0818010D42CD", "versionEndExcluding": "5.4.1125v112", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:aenrich:a\\+hrd:*:*:*:*:*:*:*:*", "matchCriteriaId": "613476D0-F7AD-4248-8D47-6C1D4101CC98", "versionEndExcluding": "5.5.1098v156", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:aenrich:a\\+hrd:*:*:*:*:*:*:*:*", "matchCriteriaId": "53BE0D82-D168-4573-9B1B-387A446357F1", "versionEndExcluding": "5.6.1067v110", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:aenrich:a\\+hrd:*:*:*:*:*:*:*:*", "matchCriteriaId": "738309D4-7D57-4B2C-BBE2-C90AA6BC155C", "versionEndExcluding": "7.0", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x"}, {"lang": "es", "value": "aEnrich a+HRD Learning Management Key Performance Indicator System versi\u00f3n 5.x, presenta una vulnerabilidad de inclusi\u00f3n de archivos locales (LFI) que se produce debido a una falta de comprobaci\u00f3n de entrada en versi\u00f3n v5.x"}], "id": "CVE-2022-28741", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-09T16:15:08.807", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0035/MNDT-2022-0035.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.aenrich.com.tw"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}