exploitDog

CVE-2022-34919

Опубликовано: 23 авг. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.

Ссылки

https://github.com/ahajnik/CVE-2022-34919
Exploit
Third Party Advisory
https://www.zengenti.com/
Product
https://github.com/ahajnik/CVE-2022-34919
Exploit
Third Party Advisory
https://www.zengenti.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zengenti:contensis:*:*:*:*:classic:*:*:*

Версия до 15.2.1.79 (исключая)

EPSS

Процентиль: 80%

0.01392

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-gpvr-w6q5-m4cj

CVSS3: 9.8

github

больше 3 лет назад

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.

EPSS

Процентиль: 80%

0.01392

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287