CVE-2022-35621
MEDIUMEvohClaimable NFT Contract - Fraudulent NFT Transfers via Access Control Failure
Title source: manualDescription
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/MacherCS/CVE_Evoh_Contract
Scores
CVSS v3
5.3
EPSS
0.0074
EPSS Percentile
50.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
evohclaimable_project/evohclaimable
Published
Sep 21, 2022
Tracked Since
Feb 18, 2026