CVE-2022-42197

MEDIUM

Simple Exam Reviewer Management System <1.0 - Privilege Escalation

Title source: llm

Description

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.

References (2)

[Exploit, Third Party Advisory] https://github.com/ciph0x01/Simple-Exam-Reviewer-Management-System-CVE/blob/main/CVE-2022-42197.md

View Exploit ZIP pw:eip

[Product] https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 32.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-425

Status published

Products (1)

simple_exam_reviewer_management_system_project/simple_exam_reviewer_management_system 1.0

Published Oct 20, 2022

Tracked Since Feb 18, 2026