CVE-2022-45614 Information

Description

An issue in the /index.php/user/edit_user/ component of Book Store Management System v1.0 allows unauthenticated attackers to retrieve the password hashes of all existing user accounts via a crafted request.

Reference

https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/passwd-hash