CVE-2022-40089

moderate-risk
Published 2022-09-22

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On.

Do I need to act?

~
2.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Simple College Website

Affected Vendors

Simple College Website Project

References (6)

Exploit https://gowthamaraj-rajendran.medium.com/simple-college-website-1-0-rfi-cff8d827...
Product https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmys...
Product https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-col...
Exploit https://gowthamaraj-rajendran.medium.com/simple-college-website-1-0-rfi-cff8d827...
Product https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmys...
Product https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-col...
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal