Lucene search

[email protected]NVD:CVE-2022-37299

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-37299

2022-09-0915:15:13

CWE-22

[email protected]

web.nvd.nist.gov

shirne cms

path traversal

arbitrary file read

static

ueditor

controller.php

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.007

Percentile

79.9%

JSON

An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php

Affected configurations

Nvd

Node

shirne_cms_projectshirne_cmsMatch1.2.0

VendorProductVersionCPE
shirne_cms_projectshirne_cms1.2.0cpe:2.3:a:shirne_cms_project:shirne_cms:1.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shirne_cms_project	shirne_cms	1.2.0	cpe:2.3:a:shirne_cms_project:shirne_cms:1.2.0:::::::*

References

gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.007

Percentile

79.9%

JSON

Related for NVD:CVE-2022-37299

cvelist1 cve1 nuclei1 prion1