3 matches found
CVE-2022-42154
creationtimestamp| type| source ---|---|--- 2022-10-17 18:13:16+00:00| seen| https://t.me/cibsecurity/51590 2025-05-14 21:32:23+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16417...
CVE-2022-42154
CVE-2022-42154 involves an arbitrary file upload vulnerability in the 74cmsSE web app, specifically the "/apiadmin/upload/attach" endpoint. A crafted PHP file can be uploaded, enabling attackers to achieve arbitrary code execution on v3.13.0. The CVSS v3.1 score is 9.8 (CRITICAL) with network att...
CVE-2022-42154
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...