CVE-2022-26247

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-26247
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26247.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-26247
Published
2022-03-20T19:15:07.707Z
Modified
2026-03-14T08:43:21.993712Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.

References

Affected packages

Git / github.com/xiweicheng/tms

Affected ranges

Type
GIT
Repo
https://github.com/xiweicheng/tms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b2140c8b8604d30eda93a13e61b82c290f280f34
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.28.0"
        }
    ]
}

Affected versions

Other
v170221
v2.*
v2.12.0
v2.13.0
v2.14.0
v2.15.0
v2.16.0
v2.17.0
v2.18.0
v2.19.0
v2.19.1
v2.20.0
v2.21.0
v2.22.0
v2.23.0
v2.24.0
v2.25.0
v2.26.0
v2.27.0
v2.28.0
v2.3.0
v2.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26247.json"