Wiz
Vulnerability DatabaseCVE-2022-2927

CVE-2022-2927
PHP vulnerability analysis and mitigation

Overview

A weak password requirements vulnerability was identified in GitHub repository notrinos/notrinoserp prior to version 0.7, tracked as CVE-2022-2927. The vulnerability was discovered and disclosed on August 22, 2022, affecting the password validation mechanism in the user management system (MITRE).

Technical details

The vulnerability exists in the password validation logic of the user management system. The issue specifically relates to insufficient password requirement checks when adding new users. A code fix was implemented to enhance the password validation by modifying the condition check in the admin/users.php file (GitHub Commit).

Impact

The weak password requirements could allow attackers to create accounts with insufficiently secure passwords, potentially compromising system security by making it easier to perform brute force attacks or guess user credentials (MITRE).

Mitigation and workarounds

The vulnerability has been fixed in version 0.7 of the notrinoserp repository. Users should upgrade to this version or later to receive the enhanced password validation requirements. The fix implements stricter password validation checks for new user creation (GitHub Commit).

Additional resources

SourceThis report was generated using AI

Related PHP vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-13828CRITICAL9
  • PHPPHP
  • mautic/core
NoYesDec 02, 2025
CVE-2025-13827HIGH8.8
  • PHPPHP
  • mautic/grapes-js-builder-bundle
NoYesDec 02, 2025
CVE-2025-66312MEDIUM6.2
  • PHPPHP
  • getgrav/grav
NoYesDec 01, 2025
CVE-2025-66311MEDIUM6.2
  • PHPPHP
  • getgrav/grav
NoYesDec 01, 2025
CVE-2025-66310MEDIUM6.2
  • PHPPHP
  • getgrav/grav
NoYesDec 01, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo