CVE-2022-28606

Опубликовано: 05 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.

Ссылки

https://www.bosscms.net/
Broken Link
https://www.cnvd.org.cn/flaw/show/CNVD-2022-04804
Third Party Advisory
https://www.cnvd.org.cn/patchInfo/show/313666
Third Party Advisory
https://www.bosscms.net/
Broken Link
https://www.cnvd.org.cn/flaw/show/CNVD-2022-04804
Third Party Advisory
https://www.cnvd.org.cn/patchInfo/show/313666
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bosscms:bosscms:1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00519

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-8qmr-j2xv-69jx