Lucene search

[email protected]CVE-2022-4606

HistoryDec 18, 2022 - 1:15 p.m.

CVE-2022-4606

2022-12-1813:15:09

CWE-98

[email protected]

web.nvd.nist.gov

cve

2022

php

remote file inclusion

github

flatpressblog

flatpress

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.

Affected configurations

NVD

Node

flatpressflatpressRange≤1.2.1

CPENameOperatorVersion
flatpress:flatpressflatpressle1.2.1

CPE	Name	Operator	Version
flatpress:flatpress	flatpress	le	1.2.1

CNA Affected

[
  {
    "vendor": "flatpressblog",
    "product": "flatpressblog/flatpress",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/flatpressblog/flatpress/commit/c30d52b28483e1e512d0d81758d4c149f02b4068

huntr.dev/bounties/3dab0466-c35d-4163-b3c7-a8666e2f7d95

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

Related for CVE-2022-4606

nvd1 cnvd1 osv1 prion1 huntr1 cvelist1 openvas1