CVE-2022-4606

Exploit

EPSS 35.44%
Veröffentlicht 18.12.2022 13:15:09
Zuletzt bearbeitet 21.11.2024 07:35:35
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

PHP Remote File Inclusion in flatpressblog/flatpress

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flatpress ≫ Flatpress Version <= 1.2.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	35.44%	0.982

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@huntr.dev	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

https://github.com/flatpressblog/flatpress/commit/c30d52b28483e1e512d0d81758d4c149f02b4068

Patch

Third Party Advisory

https://huntr.dev/bounties/3dab0466-c35d-4163-b3c7-a8666e2f7d95

Patch

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-4606

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4606

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4606

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4606