Lucene search

MitreCVE-2022-42154

HistoryOct 17, 2022 - 2:15 p.m.

CVE-2022-42154

2022-10-1714:15:13

CWE-434

mitre

web.nvd.nist.gov

222

cve-2022-42154

arbitrary file upload

74cmsse v3.13.0

security vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

65.1%

JSON

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.

Affected configurations

Nvd

Node

74cms74cmsseMatch3.13.0

VendorProductVersionCPE
74cms74cmsse3.13.0cpe:2.3:a:74cms:74cmsse:3.13.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
74cms	74cmsse	3.13.0	cpe:2.3:a:74cms:74cmsse:3.13.0:::::::*

References

github.com/xxhzz1/74cmsSE-Arbitrary-file-upload-vulnerability/issues/1

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

65.1%

JSON

Related for CVE-2022-42154