Lucene search
GoogleOSV:CVE-2022-41418HistoryDec 19, 2022 - 8:15 p.m.
CVE-2022-41418
2022-12-1920:15:11
Google
osv.dev
1
cve-2022-41418
blogengine.net
uploadcontroller
arbitrary code execution
png file upload
security issue
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.9%
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| blogengine.net | eq | 3.3.6.0 | |
| blogengine.net | eq | 3.3.5.0 | |
| blogengine.net | eq | 3.3.8.0 | |
| blogengine.net | eq | 3.3.7.0 |
Related
nvd
nvd
CVE-2022-41418
2022-12-19 20:15:11
cve
cve
CVE-2022-41418
2022-12-19 20:15:11
cvelist
cvelist
CVE-2022-41418
2022-12-19 00:00:00
prion
prion
Design/Logic Flaw
2022-12-19 20:15:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.9%
Related for OSV:CVE-2022-41418