CVE-2022-42458

2022-12-0710:15:11

CWE-287

[email protected]

web.nvd.nist.gov

In Wild

cve

2022

42458

authentication bypass

bingo!cms

vulnerability

remote unauthenticated attacker

arbitrary file upload

arbitrary script execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.

Affected configurations

Vulners

NVD

Node

shift_tech_inc.bingo\!cmsMatchsion1.7.4.1

CPENameOperatorVersion
shift-tech:bingo\!cmsshift-tech bingo!cmsle1.7.4.1

CPE	Name	Operator	Version
shift-tech:bingo\!cms	shift-tech bingo!cms	le	1.7.4.1

CNA Affected

[
  {
    "vendor": "Shift Tech Inc.",
    "product": "bingo!CMS",
    "versions": [
      {
        "version": "version1.7.4.1 and earlier",
        "status": "affected"
      }
    ]
  }
]