{"id":"CVE-2022-26247","details":"TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.","modified":"2026-03-14T08:43:21.993712Z","published":"2022-03-20T19:15:07.707Z","references":[{"type":"REPORT","url":"https://github.com/xiweicheng/tms/issues/16"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xiweicheng/tms","events":[{"introduced":"0"},{"last_affected":"b2140c8b8604d30eda93a13e61b82c290f280f34"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.28.0"}]}}],"versions":["v170221","v2.12.0","v2.13.0","v2.14.0","v2.15.0","v2.16.0","v2.17.0","v2.18.0","v2.19.0","v2.19.1","v2.20.0","v2.21.0","v2.22.0","v2.23.0","v2.24.0","v2.25.0","v2.26.0","v2.27.0","v2.28.0","v2.3.0","v2.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26247.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}