Lucene search

[email protected]NVD:CVE-2022-47769

HistoryFeb 01, 2023 - 2:15 a.m.

CVE-2022-47769

2023-02-0102:15:07

CWE-434

[email protected]

web.nvd.nist.gov

arbitrary file write

serenissima informatica fast checkin v1.0

unauthenticated attackers

malicious files

web root

server access

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.

Affected configurations

Nvd

Node

serinffast_checkinMatch1.0

VendorProductVersionCPE
serinffast_checkin1.0cpe:2.3:a:serinf:fast_checkin:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
serinf	fast_checkin	1.0	cpe:2.3:a:serinf:fast_checkin:1.0:::::::*

References

serenissima.com

www.swascan.com/it/security-advisory-serenissima-informatica-fastcheckin/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Related for NVD:CVE-2022-47769

prion1 cve1 cvelist1