CVE-2022-4774

Exploit

EPSS 1.79%
Veröffentlicht 15.05.2023 13:15:09
Zuletzt bearbeitet 24.01.2025 22:15:32
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload

Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.

Mögliche Gegenmaßnahme

Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder: Update to version 1.9, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bitapps ≫ Bit Form SwPlatformwordpress Version < 1.9

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder

Version *-1.8.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.79%	0.754

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/faa3f6ab-43d6-4874-b16e-93abbb4ba72e

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4774

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4774

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4774

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4774