CVE-2022-4446

Exploit

EPSS 0.72%
Veröffentlicht 13.12.2022 12:15:28
Zuletzt bearbeitet 21.11.2024 07:35:16
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Corebos ≫ Corebos Version < 8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.72%	0.72

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@huntr.dev	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-669 Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

https://github.com/tsolucio/corebos/commit/8035e725ecb397348bd50545e90975b699e4f9f2

Patch

Third Party Advisory

https://huntr.dev/bounties/718f1be6-3834-4ef2-8134-907a52009894

Patch

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-4446

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4446

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4446

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4446