Lucene search

[email protected]NVD:CVE-2022-3982

HistoryDec 12, 2022 - 6:15 p.m.

CVE-2022-3982

2022-12-1218:15:12

[email protected]

web.nvd.nist.gov

wordpress

plugin

arbitrary files

rce

security vulnerability

unauthenticated users

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.289 Low

EPSS

Percentile

96.9%

JSON

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE

Affected configurations

NVD

Node

wpdevartbooking_calendarRange<3.2.2wordpress

References

wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.289 Low

EPSS

Percentile

96.9%

JSON

Related for NVD:CVE-2022-3982

cve1 prion1 nuclei1 openvas1 wpvulndb1 cvelist1 wpexploit1