CVE-2022-26159

Published: 28/02/2022 Updated: 08/08/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The auto-completion plugin in Ametys CMS prior to 4.5.0 allows a remote unauthenticated malicious user to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ametys ametys

A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.

CVE-2022-26159-Ametys-Autocompletion-XML A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file Features Automatic detection of maximum results returned by the autocompletion plugin Depth first search to dump all the results Output log file Usage $ /CVE-2022

CWE-425 https://issues.ametys.org/browse/CMS-10973 https://podalirius.net/en/cves/2022-26159/https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML/https://nvd.nist.gov https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-26159

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect