CVE-2022-40798

{"id": "CVE-2022-40798", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-10-19T02:15:09.060", "references": [{"url": "https://gist.github.com/ninj4c0d3r/89bdd6702bf00d768302f5e0e5bb8adc", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ocomonphp.sourceforge.io/", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/ninj4c0d3r/89bdd6702bf00d768302f5e0e5bb8adc", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ocomonphp.sourceforge.io/", "tags": ["Product", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover."}, {"lang": "es", "value": "OcoMon versi\u00f3n 4.0RC1, es vulnerable a un Control de Acceso Incorrecto. Mediante una petici\u00f3n el usuario puede obtener el correo electr\u00f3nico real, enviando la misma petici\u00f3n con el correo electr\u00f3nico correcto es una toma de control de cuenta"}], "lastModified": "2025-05-08T20:15:21.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ocomon_project:ocomon:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C6F88F7-8D64-4B93-B434-3CD4C3823CBC", "versionEndExcluding": "4.0"}, {"criteria": "cpe:2.3:a:ocomon_project:ocomon:4.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2344956-8C2F-4B56-882D-20EA4F7A3EEE"}, {"criteria": "cpe:2.3:a:ocomon_project:ocomon:4.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "864B6EC3-39B6-4FCA-80D0-412141006E65"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}