Vulnerability Details : CVE-2022-3944
A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451.
Vulnerability category: BypassGain privilege
Products affected by CVE-2022-3944
- cpe:2.3:a:erp_project:erp:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3944
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3944
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.8
|
3.4
|
VulDB | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2022-3944
-
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.Assigned by: cna@vuldb.com (Secondary)
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: cna@vuldb.com (Secondary)
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by:
- cna@vuldb.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-3944
-
https://vuldb.com/?id.213451
CVE-2022-3944 | jerryhanjj ERP Commodity Management inventory.php uploadImages unrestricted uploadThird Party Advisory
-
https://github.com/jerryhanjj/ERP/issues/3
File upload vulnerability getshell · Issue #3 · jerryhanjj/ERP · GitHubExploit;Issue Tracking;Third Party Advisory
Jump to