Lucene search

[email protected]CVE-2022-41418

HistoryDec 19, 2022 - 8:15 p.m.

CVE-2022-41418

2022-12-1920:15:11

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-41418

blogengine.net

arbitrary code execution

png file

security vulnerability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

52.9%

JSON

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

Affected configurations

NVD

Node

blogengineblogengine.netMatch3.3.8.0

CPENameOperatorVersion
blogengine:blogengine.netblogengine blogengine.neteq3.3.8.0

CPE	Name	Operator	Version
blogengine:blogengine.net	blogengine blogengine.net	eq	3.3.8.0

References

gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95

gist.github.com/tree-chtsec/a02258bb6dea0d16e7e631898c066e05

github.com/BlogEngine/BlogEngine.NET/commit/7f927567db94462ffd37e128c0a53c11c1f81a8d

www.chtsecurity.com/news/8719b7f3-1129-4fb4-8801-298970d81df7

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

52.9%

JSON

Related for CVE-2022-41418

osv1 nvd1 cvelist1 prion1