Vulnerability Details : CVE-2022-30529

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.

Published 2022-11-22 01:15:13

Updated 2022-11-30 17:44:15

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-30529

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-30529

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-30529

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Assigned by: [email protected] (Primary)

References for CVE-2022-30529

https://github.com/asith-eranga/isic

Product

CVEs referencing this url
https://github.com/killmonday/isic.lk-RCE

Exploit;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2022-30529

Isic.lk Project » Isic.lk
Versions up to, including, (<=) 2018-02-13
cpe:2.3:a:isic.lk_project:isic.lk:*:*:*:*:*:*:*:*
Matching versions