CVE-2022-3771 - OpenCVE

A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Easyiicms	Easyiicms

Configuration 1 [-]

cpe:2.3:a:easyiicms:easyiicms:-:*:*:*:*:*:*:*

References

Link	Resource
https://vuldb.com/?id.212501	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-10-31T00:00:00

Updated: 2022-10-31T00:00:00

Reserved: 2022-10-31T00:00:00

Link: CVE-2022-3771

JSON object: View

NVD Information

Status : Modified

Published: 2022-10-31T14:15:10.593

Modified: 2023-11-07T03:51:47.090

Link: CVE-2022-3771

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:easyiicms:easyiicms:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF719307-E9E9-4221-9696-2C0418253345", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en easyii CMS y clasificada como cr\u00edtica. Este problema afecta el archivo de funci\u00f3n del archivo helpers/Upload.php del componente File Upload Management. La manipulaci\u00f3n conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-212501.\n"}], "id": "CVE-2022-3771", "lastModified": "2023-11-07T03:51:47.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-10-31T14:15:10.593", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.212501"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "cna@vuldb.com", "type": "Secondary"}]}