Lucene search

[email protected]NVD:CVE-2022-34919

HistoryAug 23, 2022 - 1:15 a.m.

CVE-2022-34919

2022-08-2301:15:07

CWE-287

[email protected]

web.nvd.nist.gov

file upload

zengenti contensis classic

authentication bypass

crafted file

arbitrary commands

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.3%

JSON

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.

Affected configurations

Nvd

Node

zengenticontensisRange<15.2.1.79classic

VendorProductVersionCPE
zengenticontensis*cpe:2.3:a:zengenti:contensis:*:*:*:*:classic:*:*:*

Vendor	Product	Version	CPE
zengenti	contensis	*	cpe:2.3:a:zengenti:contensis:::::classic:::*

References

github.com/ahajnik/CVE-2022-34919

www.zengenti.com/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.3%

JSON

Related for NVD:CVE-2022-34919

prion1 cve1 cvelist1