CVE-2022-4774

Exploit

EPSS 6.86%
Veröffentlicht 15.05.2023 13:15:09
Zuletzt bearbeitet 24.01.2025 22:15:32
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.

Mögliche Gegenmaßnahme

Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder: Update to version 1.9, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder

Version *-1.8.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bitapps ≫ Bit Form SwPlatformwordpress Version < 1.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.86%	0.912

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/faa3f6ab-43d6-4874-b16e-93abbb4ba72e

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4774

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4774

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4774

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4774