Lucene search

[email protected]NVD:CVE-2022-39977

HistoryOct 27, 2022 - 8:15 p.m.

CVE-2022-39977

2022-10-2720:15:34

CWE-434

[email protected]

web.nvd.nist.gov

online pet shop

arbitrary file upload

editing function

user module

attackers

execute arbitrary code

php file uploaded

picture upload point

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.3%

JSON

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point.

Affected configurations

Nvd

Node

online_pet_shop_we_app_projectonline_pet_shop_we_appMatch1.0

VendorProductVersionCPE
online_pet_shop_we_app_projectonline_pet_shop_we_app1.0cpe:2.3:a:online_pet_shop_we_app_project:online_pet_shop_we_app:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
online_pet_shop_we_app_project	online_pet_shop_we_app	1.0	cpe:2.3:a:online_pet_shop_we_app_project:online_pet_shop_we_app:1.0:::::::*

References

github.com/z1pwn/bug_report/blob/main/vendors/oretnom23/online-pet-shop-we-app/RCE-2.md

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.3%

JSON

Related for NVD:CVE-2022-39977

cve1 cvelist1 prion1