Vulnerability Details : CVE-2022-44786
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application.
Vulnerability category: File inclusion
Products affected by CVE-2022-44786
- cpe:2.3:a:maggioli:appalti_\&_contratti:9.12.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-44786
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-44786
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2022-44786
-
https://members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/
Maggioli Appalti & Contratti, Multiple Vulnerabilities - BackBox.org MembershipExploit;Third Party Advisory
Jump to