Lucene search

AttackerKBAKB:4D279A06-B32C-4ADA-8ABB-B4D71A7136D5

HistoryDec 07, 2022 - 12:00 a.m.

CVE-2022-42458

2022-12-0700:00:00

attackerkb.com

authentication bypass

bingo!cms

remote attacker

arbitrary file upload

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

JSON

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42458

jvn.jp/en/jp/JVN74592196/index.html

www.bingo-cms.jp/information/20221011.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for AKB:4D279A06-B32C-4ADA-8ABB-B4D71A7136D5