CVE-2022-29008

MEDIUM

Bus Pass Management System v1.0 - Info Disclosure

Title source: llm

Description

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.

Exploits (2)

exploitdb WRITEUP VERIFIED

by sudoninja · textwebappsphp

https://www.exploit-db.com/exploits/50263

View Code ZIP pw:eip

nomisec STUB

by sudoninja-noob · poc

https://github.com/sudoninja-noob/CVE-2022-29008

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50263

[Third Party Advisory] https://github.com/sudoninja-noob/CVE-2022-29008/blob/main/CVE-2022-29008.txt

Scores

CVSS v3 6.5

EPSS 0.0059

EPSS Percentile 69.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-639

Status published

Products (1)

phpgurukul/bus_pass_management_system 1.0

Published May 11, 2022

Tracked Since Feb 18, 2026