Lucene search
HistoryAug 03, 2022 - 1:15 a.m.
CVE-2022-36197
bigtree cms
arbitrary file upload
pdf
vulnerability
execute code
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.4%
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file.
Affected configurations
Node
bigtreecmsbigtree_cmsMatch4.4.16
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bigtreecms | bigtree_cms | 4.4.16 | cpe:2.3:a:bigtreecms:bigtree_cms:4.4.16:*:*:*:*:*:*:* |
Related
prion
prion
Privilege escalation
2022-08-03 01:15:00
cve
cve
CVE-2022-36197
2022-08-03 01:15:07
openvas
openvas
BigTree CMS <= 4.4.16 File Upload Vulnerability
2022-08-31 00:00:00
cvelist
cvelist
CVE-2022-36197
2022-08-03 00:03:41
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.4%
Related for NVD:CVE-2022-36197