Lucene search
HistoryOct 07, 2022 - 6:15 p.m.
CVE-2022-42092
cve-2022-42092
backdrop cms
unrestricted file upload
remote code execution
nvd
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.081 Low
EPSS
Percentile
94.3%
Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via ‘themes’ that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.
Affected configurations
Node
backdropcmsbackdrop_cmsMatch1.22.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| backdropcms:backdrop_cms | backdropcms backdrop cms | eq | 1.22.0 |
References
Social References
More
Related
github
github
Backdrop CMS Unrestricted File Upload vulnerability
2022-10-07 18:15:39
prion
prion
Unrestricted file upload
2022-10-07 18:15:00
veracode
veracode
Unrestricted File Upload
2022-10-18 08:38:38
osv
osv
Backdrop CMS Unrestricted File Upload vulnerability
2022-10-07 18:15:39
CVE-2022-42092
2022-10-07 18:15:23
cvelist
cvelist
CVE-2022-42092
2022-10-07 00:00:00
nvd
nvd
CVE-2022-42092
2022-10-07 18:15:23
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.081 Low
EPSS
Percentile
94.3%
Related for CVE-2022-42092