Lucene search

MitreCVE-2022-34919

HistoryAug 23, 2022 - 1:15 a.m.

CVE-2022-34919

2022-08-2301:15:07

CWE-287

mitre

web.nvd.nist.gov

cve-2022-34919

zengenti contensis

file upload

arbitrary command execution

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.

Affected configurations

Nvd

Node

zengenticontensisRange<15.2.1.79classic

VendorProductVersionCPE
zengenticontensis*cpe:2.3:a:zengenti:contensis:*:*:*:*:classic:*:*:*

Vendor	Product	Version	CPE
zengenti	contensis	*	cpe:2.3:a:zengenti:contensis:::::classic:::*

References

github.com/ahajnik/CVE-2022-34919

www.zengenti.com/

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

Related for CVE-2022-34919