Lucene search
MitreCVE-2022-40878HistorySep 27, 2022 - 11:15 p.m.
CVE-2022-40878
2022-09-2723:15:16
CWE-434
mitre
web.nvd.nist.gov
21
6
cve-2022-40878
management system
rce
nvd
remote code execution
php file upload
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.012
Percentile
85.6%
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).
Affected configurations
Node
exam_reviewer_management_system_projectexam_reviewer_management_systemMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| exam_reviewer_management_system_project | exam_reviewer_management_system | 1.0 | cpe:2.3:a:exam_reviewer_management_system_project:exam_reviewer_management_system:1.0:*:*:*:*:*:*:* |
References
Social References
More
Related
cvelist
cvelist
CVE-2022-40878
2022-09-27 16:01:40
cnvd
cnvd
Simple Exam Reviewer Management System Arbitrary File Upload Vulnerability
2022-09-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Exam Reviewer Management System Arbitrary File Upload (CVE-2022-40878)
2022-11-23 00:00:00
prion
prion
Remote code execution
2022-09-27 23:15:00
nvd
nvd
CVE-2022-40878
2022-09-27 23:15:16
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.012
Percentile
85.6%
Related for CVE-2022-40878