Incorrect Permission Assignment for Critical Resource

CVE-2022-44280

Medium

6.5/10

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.