CVE-2022-4606

Exploit

EPSS 3.02%
Veröffentlicht 18.12.2022 13:15:09
Zuletzt bearbeitet 21.11.2024 07:35:35
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flatpress ≫ Flatpress Version <= 1.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.02%	0.863

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@huntr.dev	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

https://github.com/flatpressblog/flatpress/commit/c30d52b28483e1e512d0d81758d4c149f02b4068

Patch

Third Party Advisory

https://huntr.dev/bounties/3dab0466-c35d-4163-b3c7-a8666e2f7d95

Patch

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-4606

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4606

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4606

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4606