Vulnerability Details : CVE-2022-42458
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
Products affected by CVE-2022-42458
- cpe:2.3:a:shift-tech:bingo\!cms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-42458
- 0.41%: Probability of exploitation activity in the next 30 days
- ~75%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-42458
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-42458
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-42458
- https://www.bingo-cms.jp/information/20221011.html
  [Important: Action Required] Please respond to the bingo!CMS authentication bypass vulnerability | Latest Information | bingo!CMS, the low-cost, high-functionality CMS for web designers (Vendor Advisory)
- https://jvn.jp/en/jp/JVN74592196/index.html
  JVN#74592196: bingo!CMS vulnerable to authentication bypass (Third Party Advisory)