Lucene search
MitreCVE-2022-36580HistoryAug 31, 2022 - 8:15 p.m.
CVE-2022-36580
2022-08-3120:15:09
CWE-434
mitre
web.nvd.nist.gov
28
6
cve-2022-36580
arbitrary file upload
admin
products
controller
php
crafted file
nvd
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
47.3%
An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.
Affected configurations
Node
online_ordering_system_projectonline_ordering_systemMatch2.3.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| online_ordering_system_project | online_ordering_system | 2.3.2 | cpe:2.3:a:online_ordering_system_project:online_ordering_system:2.3.2:*:*:*:*:*:*:* |
Social References
More
Related
cvelist
cvelist
CVE-2022-36580
2022-08-31 19:44:14
prion
prion
Privilege escalation
2022-08-31 20:15:00
nvd
nvd
CVE-2022-36580
2022-08-31 20:15:09
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
47.3%
Related for CVE-2022-36580