{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T07:16:15.867","vulnerabilities":[{"cve":{"id":"CVE-2022-39179","sourceIdentifier":"cna@cyber.gov.il","published":"2022-11-17T23:15:18.490","lastModified":"2025-04-28T19:15:45.357","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\nCollege Management System v1.0 - Authenticated remote code execution.\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\n.php file that contains malicious code via student.php file.\n\n"},{"lang":"es","value":"College Management System v1.0: ejecución remota de código autenticado. Un usuario administrador (la autenticación se puede omitir mediante la inyección SQL que mencioné en mi otro informe) puede cargar un archivo .php que contenga código malicioso a través del archivo Student.php."}],"metrics":{"cvssMetricV31":[{"source":"cna@cyber.gov.il","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:college_management_system_project:college_management_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"3ADB4C9F-1230-4F3E-9E79-15F80FE25866"}]}]}],"references":[{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source":"cna@cyber.gov.il"},{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}