Lucene search

[email protected]NVD:CVE-2022-42029

HistoryOct 17, 2022 - 6:15 p.m.

CVE-2022-42029

2022-10-1718:15:12

CWE-434

[email protected]

web.nvd.nist.gov

chamilo

authenticated users

file inclusion

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

35.6%

JSON

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to ‘big file uploads’ to copy/move files from anywhere in the file system into the web directory.

Affected configurations

Nvd

Node

chamilochamiloMatch1.11.16

VendorProductVersionCPE
chamilochamilo1.11.16cpe:2.3:a:chamilo:chamilo:1.11.16:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
chamilo	chamilo	1.11.16	cpe:2.3:a:chamilo:chamilo:1.11.16:::::::*

References

support.chamilo.org/projects/1/wiki/Security_issues#Issue-95-2022-09-14-High-impact-Moderate-risk-Authenticated-Local-file-inclusion

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

35.6%

JSON

Related for NVD:CVE-2022-42029

cvelist1 cve1 osv1 prion1 openvas1