Lucene search

[email protected]NVD:CVE-2022-2779

HistoryAug 12, 2022 - 10:15 a.m.

CVE-2022-2779

2022-08-1210:15:28

CWE-434

[email protected]

web.nvd.nist.gov

sourcecodester gas agency

critical vulnerability

unrestricted upload

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.7%

JSON

A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability.

Affected configurations

Nvd

Node

gas_agency_management_system_projectgas_agency_management_systemMatch-

VendorProductVersionCPE
gas_agency_management_system_projectgas_agency_management_system-cpe:2.3:a:gas_agency_management_system_project:gas_agency_management_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gas_agency_management_system_project	gas_agency_management_system	-	cpe:2.3:a:gas_agency_management_system_project:gas_agency_management_system:-:::::::*

References

github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/oneWorld.png

vuldb.com/?id.206173

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.7%

JSON

Related for NVD:CVE-2022-2779

cvelist1 prion1 cve1