exploitDog

CVE-2022-3770

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

EPSS Низкий

Описание

A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500.

Ссылки

https://github.com/swzaq/swzaq
Exploit
Third Party Advisory
https://vuldb.com/?id.212500
Permissions Required
Third Party Advisory
https://github.com/swzaq/swzaq
Exploit
Third Party Advisory
https://vuldb.com/?id.212500
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xjyunjing:yunjing_content_management_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.0028

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-266

Связанные уязвимости

GHSA-vqv6-v97g-wvhj

CVSS3: 8.8

github

больше 3 лет назад

A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500.

EPSS

Процентиль: 51%

0.0028

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-266