cvedb.io
CVE-2022-22789
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2022-01-25T20:15:08.953 · Last modified 2026-06-17T04:29:02.837

Summary

Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.

Affected products

charactell — formstorm

Does this affect you?

Add your gear to cvedb and we'll alert you only when charactell ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.