Lucene search

[email protected]NVD:CVE-2022-42029

HistoryOct 17, 2022 - 6:15 p.m.

CVE-2022-42029

2022-10-1718:15:12

CWE-434

[email protected]

web.nvd.nist.gov

chamilo

authenticated users

file inclusion

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

35.7%

JSON

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to ‘big file uploads’ to copy/move files from anywhere in the file system into the web directory.

Affected configurations

NVD

Node

chamilochamiloMatch1.11.16

References

support.chamilo.org/projects/1/wiki/Security_issues#Issue-95-2022-09-14-High-impact-Moderate-risk-Authenticated-Local-file-inclusion

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

35.7%

JSON

Related for NVD:CVE-2022-42029

cve1 cvelist1 osv1 prion1 openvas1