History: Dec 07, 2022 - 10:15 a.m.

CVE-2022-42458

2022-12-07 10:15:11
CWE-287
jpcert
web.nvd.nist.gov
36
In Wild
cve
2022
42458
authentication bypass
bingo!cms
vulnerability
remote unauthenticated attacker
arbitrary file upload
arbitrary script execution

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.5
Confidence: High

EPSS: 0.004
Percentile: 73.3%

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.

Affected configurations

Node: shift-tech bingo\!cms, Range 1.7.4.1

Vendor: shift-tech
Product: bingo\!cms
Version: *
CPE: cpe:2.3:a:shift-tech:bingo\!cms:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Shift Tech Inc.",
    "product": "bingo!CMS",
    "versions": [
      {
        "version": "version1.7.4.1 and earlier",
        "status": "affected"
      }
    ]
  }
]
