CVE-2022-46074

HIGH

Helmet Store Showroom 1.0 - Unauthenticated Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.

References (2)

Core 2
Core References
Exploit, Third Party Advisory
https://yuyudhn.github.io/CVE-2022-46074/

Scores

CVSS v3 8.8
EPSS 0.0049
EPSS Percentile 38.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-352
Status published
Products (1)
helmet_store_showroom_project/helmet_store_showroom 1.0
Published Dec 14, 2022
Tracked Since Feb 18, 2026