CVE-2022-27157 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Affected Products (NVD)

Vendor	Product	Version
php	pearweb	𝑥 < 1.32.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References

https://github.com/pear/pearweb/commit/6447c174a6b4bd76d28ecca8543cbd24bf394f99#diff-204452a70c5b0b0084097fcff6aee77c2c38cb77a41c4b2dd0065fda37a7489c

https://github.com/pear/pearweb/commit/6447c174a6b4bd76d28ecca8543cbd24bf394f99#diff-204452a70c5b0b0084097fcff6aee77c2c38cb77a41c4b2dd0065fda37a7489c