Lucene search

VulDBCVE-2022-2804

HistoryAug 12, 2022 - 8:15 p.m.

CVE-2022-2804

2022-08-1220:15:09

CWE-434

VulDB

web.nvd.nist.gov

vulnerability

sourcecodester

zoo management system

unrestricted upload

remote attack

cve-2022-2804

nvd

vdb-206250

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.008

Percentile

82.1%

JSON

A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Node

phpgurukulzoo_management_systemMatch-

VendorProductVersionCPE
phpgurukulzoo_management_system-cpe:2.3:a:phpgurukul:zoo_management_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpgurukul	zoo_management_system	-	cpe:2.3:a:phpgurukul:zoo_management_system:-:::::::*

CNA Affected

[
  {
    "product": "Zoo Management System",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

s1.ax1x.com/2022/08/12/vJ5pEd.png

vuldb.com/?id.206250

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.008

Percentile

82.1%

JSON

Related for CVE-2022-2804