CVE-2022-1287

MEDIUM

School Club Application System 1.0 - Unauthenticated Privilege Escalation via Users.php Save User Request

Title source: llm

Description

A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://vuldb.com/?id.196750

Scores

CVSS v3 6.5

EPSS 0.0071

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-99

Status published

Products (1)

school_club_application_system_project/school_club_application_system 1.0

Published Apr 09, 2022

Tracked Since Feb 18, 2026