exploitDog

CVE-2022-42458

Опубликовано: 07 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.

Ссылки

https://jvn.jp/en/jp/JVN74592196/index.html
Third Party Advisory
https://www.bingo-cms.jp/information/20221011.html
Vendor Advisory
https://jvn.jp/en/jp/JVN74592196/index.html
Third Party Advisory
https://www.bingo-cms.jp/information/20221011.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shift-tech:bingo\!cms:*:*:*:*:*:*:*:*

Версия до 1.7.4.1 (включая)

EPSS

Процентиль: 87%

0.03357

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-c6jj-hc2x-m9jc

CVSS3: 9.8

github

около 3 лет назад

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.

EPSS

Процентиль: 87%

0.03357

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

CWE-287