Lucene search

[email protected]NVD:CVE-2022-48006

HistoryJan 30, 2023 - 10:15 p.m.

CVE-2022-48006

2023-01-3022:15:12

CWE-434

[email protected]

web.nvd.nist.gov

arbitrary file upload

taocms v3.0.2

code execution

php file

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

65.6%

JSON

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.

Affected configurations

Nvd

Node

taogogotaocmsMatch3.0.2

VendorProductVersionCPE
taogogotaocms3.0.2cpe:2.3:a:taogogo:taocms:3.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
taogogo	taocms	3.0.2	cpe:2.3:a:taogogo:taocms:3.0.2:::::::*

References

github.com/taogogo/taocms/issues/35

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

65.6%

JSON

Related for NVD:CVE-2022-48006

prion1 osv1 cvelist1 cve1