Lucene search

[email protected]CVE-2022-38400

HistorySep 08, 2022 - 8:15 a.m.

CVE-2022-38400

2022-09-0808:15:08

CWE-200

[email protected]

web.nvd.nist.gov

cve-2022-38400

mailform pro

cgi

remote attack

unauthenticated access

data breach

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL.

Affected configurations

Vulners

NVD

Node

synck_graphicamailform_pro_cgiMatch4.3.1

VendorProductVersionCPE
synck_graphicamailform_pro_cgi4.3.1cpe:2.3:a:synck_graphica:mailform_pro_cgi:4.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
synck_graphica	mailform_pro_cgi	4.3.1	cpe:2.3:a:synck_graphica:mailform_pro_cgi:4.3.1:::::::*

CNA Affected

[
  {
    "product": "Mailform Pro CGI",
    "vendor": "SYNCK GRAPHICA",
    "versions": [
      {
        "status": "affected",
        "version": "4.3.1 and earlier"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN34205166/index.html

www.synck.com/blogs/news/newsroom/detail_1661907555.html

www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html

www.synck.com/downloads/cgi-perl/mailformpro/index.html

Social References

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Related for CVE-2022-38400

cvelist1 jvn1 prion1 nvd1