Lucene search

VulDBCVE-2022-2419

HistoryJul 15, 2022 - 6:15 a.m.

CVE-2022-2419

2022-07-1506:15:09

CWE-434

VulDB

web.nvd.nist.gov

vulnerability

urve web manager

critical

unrestricted upload

nvd

cve-2022-2419

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.

Affected configurations

Nvd

Node

eveourve_web_managerMatch-

VendorProductVersionCPE
eveourve_web_manager-cpe:2.3:a:eveo:urve_web_manager:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eveo	urve_web_manager	-	cpe:2.3:a:eveo:urve_web_manager:-:::::::*

CNA Affected

[
  {
    "product": "Web Manager",
    "vendor": "URVE",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20upload.php%20File%20upload%20vulnerability.md

vuldb.com/?id.203902

Social References

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

Related for CVE-2022-2419