Improper Access Control in User List Function Allows Privilege Escalation

Improper Access Control in User List Function Allows Privilege Escalation

CVE-2022-42197 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.

Learn more about our User Device Pen Test.