CVE-2022-22789
MEDIUM
Charactell FormStorm - Unauthenticated Account Takeover via Password File Manipulation
Title source: llm
Description
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) the passwords file for all users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. A malicious user can take over an account by replacing the existing password in the file.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.gov.il/en/departments/faq/cve_advisories
Scores
CVSS v3
6.1
EPSS
0.0015
EPSS Percentile
4.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Details
CWE
CWE-312
Status
published
Products (1)
charactell/formstorm
9.00.065
Published
Jan 25, 2022
Tracked Since
Feb 18, 2026