CVE-2022-1248
HIGHSAP Information System 1.0 - Unauthenticated Admin Account Creation via add_admin.php
Title source: llmDescription
A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://vuldb.com/?id.196550
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/166609/SAP-Information-System-1.0.0-Missing-Authorization.html
Scores
CVSS v3
7.3
EPSS
0.0133
EPSS Percentile
67.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-287
CWE-306
Status
published
Products (1)
sap_information_system_project/sap_information_system
1.0
Published
Apr 06, 2022
Tracked Since
Feb 18, 2026