CVE-2022-4272

A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.214760	Third Party Advisory VDB Entry
https://github.com/FeMiner/wms/issues/14	Exploit Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/04/26/1

Configurations

Configuration 1 (hide)

cpe:2.3:a:warehouse_management_system_project:warehouse_management_system:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:57

Type	Values Removed	Values Added
CWE	CWE-434 CWE-284

26 Apr 2023, 12:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2023/04/26/1 -
CWE		CWE-284 CWE-266

Information

Published : 2022-12-03 09:15

Updated : 2023-11-07 03:57

NVD link : CVE-2022-4272

Mitre link : CVE-2022-4272

JSON object : View

Products Affected

warehouse_management_system_project

warehouse_management_system

CWE

CWE-266

Incorrect Privilege Assignment

9.8 /10