CVE-2022-1287

Summary

A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
unspecifiedSchool Club Application System1.0affected

Weaknesses

  • CWE-99: CWE-99 Improper Control of Resource Identifiers

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References