Lucene search

[email protected]NVD:CVE-2022-42458

HistoryDec 07, 2022 - 10:15 a.m.

CVE-2022-42458

2022-12-0710:15:11

CWE-287

[email protected]

web.nvd.nist.gov

cve-2022-42458

remote attacker

arbitrary file upload

arbitrary script execution

file alteration

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.3%

JSON

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.

Affected configurations

Nvd

Node

shift-techbingo\!cmsRange≤1.7.4.1

VendorProductVersionCPE
shift-techbingo\!cms*cpe:2.3:a:shift-tech:bingo\!cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shift-tech	bingo\!cms	*	cpe:2.3:a:shift-tech:bingo\!cms::::::::

References

jvn.jp/en/jp/JVN74592196/index.html

www.bingo-cms.jp/information/20221011.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.3%

JSON

Related for NVD:CVE-2022-42458

prion1 attackerkb1 jvn1 cve1 cvelist1