Lucene search

MitreCVE-2022-45527

HistoryFeb 08, 2023 - 7:15 p.m.

CVE-2022-45527

2023-02-0819:15:11

CWE-434

mitre

web.nvd.nist.gov

cve-2022-45527

file upload vulnerability

future-depth ims

unauthorized access

courseimg directory

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

62.4%

JSON

File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.

Affected configurations

Nvd

Node

institutional_management_website_projectinstitutional_management_websiteMatch1.0

VendorProductVersionCPE
institutional_management_website_projectinstitutional_management_website1.0cpe:2.3:a:institutional_management_website_project:institutional_management_website:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
institutional_management_website_project	institutional_management_website	1.0	cpe:2.3:a:institutional_management_website_project:institutional_management_website:1.0:::::::*

References

github.com/Future-Depth/IMS/issues/2

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

62.4%

JSON

Related for CVE-2022-45527