Lucene search

[email protected]NVD:CVE-2022-32119

HistoryJul 15, 2022 - 12:15 p.m.

CVE-2022-32119

2022-07-1512:15:09

CWE-434

[email protected]

web.nvd.nist.gov

arox school

erp pro

arbitrary file upload

vulnerabilities

photogalleries

import staff excel

1finance master.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.5%

JSON

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.

Affected configurations

Nvd

Node

aroxschool_erp_proMatch1.0

VendorProductVersionCPE
aroxschool_erp_pro1.0cpe:2.3:a:arox:school_erp_pro:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arox	school_erp_pro	1.0	cpe:2.3:a:arox:school_erp_pro:1.0:::::::*

References

arox.com

school.com

github.com/JC175/CVE-2022-32119

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.5%

JSON

Related for NVD:CVE-2022-32119

prion1 cvelist1 cve1