CVE-2022-2212

MEDIUM

Library Management System 1.0 - Unrestricted File Upload via Image Parameter in /card/index.php

Title source: llm

Description

A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/CyberThoth/CVE/blob/main/CVE/Library%20Management%20System%20with%20QR%20code%20Attendance/File_Upload/POC.md

View Exploit ZIP pw:eip

Third Party Advisory, VDB Entry x_refsource_misc

https://vuldb.com/?id.202758

Scores

CVSS v3 6.3

EPSS 0.0081

EPSS Percentile 52.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

library_management_system_project/library_management_system 1.0

Published Jun 27, 2022

Tracked Since Feb 18, 2026