exploitDog

CVE-2022-31854

Опубликовано: 07 июл. 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Высокий

Описание

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.

Ссылки

http://packetstormsecurity.com/files/167782/CodoForum-5.1-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://codoforum.com
Vendor Advisory
https://github.com/Vikaran101/CVE-2022-31854/blob/main/exploit.py
Exploit
Third Party Advisory
https://vikaran101.medium.com/codoforum-v5-1-authenticated-rce-my-first-cve-f49e19b8bc
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/167782/CodoForum-5.1-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://codoforum.com
Vendor Advisory
https://github.com/Vikaran101/CVE-2022-31854/blob/main/exploit.py
Exploit
Third Party Advisory
https://vikaran101.medium.com/codoforum-v5-1-authenticated-rce-my-first-cve-f49e19b8bc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codologic:codoforum:5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.85495

Высокий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-jppf-9gf2-jv53

CVSS3: 7.2

github

больше 3 лет назад

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.

EPSS

Процентиль: 99%

0.85495

Высокий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434