Search for vulnerabilities
Vulnerability details: VCID-xkcz-7qfm-aaab
Vulnerability ID VCID-xkcz-7qfm-aaab
Aliases CVE-2022-3492
Summary A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-707 Improper Neutralization
System Score Found at
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
epss 0.00553 https://api.first.org/data/v1/epss?cve=CVE-2022-3492
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3492
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3492
archlinux Unknown https://security.archlinux.org/AVG-2828
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-3492
https://vuldb.com/?id.210772
AVG-2828 https://security.archlinux.org/AVG-2828
cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*
cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*
CVE-2022-3492 https://nvd.nist.gov/vuln/detail/CVE-2022-3492
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3492
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3492
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.43011
EPSS Score 0.00103
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.