CVE-2022-1715

Description

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.08 due to improper type casting.

How to fix CVE-2022-1715

To remediate CVE-2022-1715, upgrade the affected package to a fixed version below.

• Packagist/facturascripts/facturascripts—upgrade to 2022.08 or later

Is CVE-2022-1715 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2022.08

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-1715
• PATCHgithub.com/neorazorx/facturascripts
• WEBgithub.com/neorazorx/facturascripts/commit/714bebf4c35e3eedda138f5ee912a8031bc8b1ab
• WEBhuntr.dev/bounties/58918962-ccb5-47f9-bb43-ffd8cae1ef24