CVE-2022-2750 - OpenCVE

A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Company Website Cms Project	Company Website Cms

Configuration 1 [-]

cpe:2.3:a:company_website_cms_project:company_website_cms:-:*:*:*:*:*:*:*

References

Link	Resource
https://vuldb.com/?id.206022	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-08-11T04:57:07

Updated: 2022-08-11T04:57:06

Reserved: 2022-08-10T00:00:00

Link: CVE-2022-2750

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-11T05:15:08.180

Modified: 2022-08-15T15:50:19.700

Link: CVE-2022-2750

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"containers": {"cna": {"affected": [{"product": "Company Website CMS", "vendor": "SourceCodester", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-11T04:57:06", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.206022"}], "title": "SourceCodester Company Website CMS Add Service add-service.php unrestricted upload", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-2750", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "SourceCodester Company Website CMS Add Service add-service.php unrestricted upload"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Company Website CMS", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "SourceCodester"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "6.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434 Unrestricted Upload"}]}]}, "references": {"reference_data": [{"name": "https://vuldb.com/?id.206022", "refsource": "MISC", "url": "https://vuldb.com/?id.206022"}]}}}}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-2750", "datePublished": "2022-08-11T04:57:07", "dateReserved": "2022-08-10T00:00:00", "dateUpdated": "2022-08-11T04:57:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:company_website_cms_project:company_website_cms:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C0EF6A8-A91B-448B-B85C-F7D0574E6A22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad, clasificada como cr\u00edtica, en SourceCodester Company Website CMS. Est\u00e1 afectada una funci\u00f3n desconocida del archivo /dashboard/add-service.php del componente Add Service Handler. La manipulaci\u00f3n conlleva a una carga sin restricciones. Es posible lanzar el ataque de forma remota. VDB-206022 es el identificador asignado a esta vulnerabilidad"}], "id": "CVE-2022-2750", "lastModified": "2022-08-15T15:50:19.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-08-11T05:15:08.180", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.206022"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "cna@vuldb.com", "type": "Secondary"}]}