CVE-2022-26607

A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.
References
Link Resource
http://baigocms.com Broken Link
https://github.com/baigoStudio/baigoCMS/ Product Third Party Advisory
https://github.com/baigoStudio/baigoCMS/issues/9 Exploit Issue Tracking Third Party Advisory
http://baigocms.com Broken Link
https://github.com/baigoStudio/baigoCMS/ Product Third Party Advisory
https://github.com/baigoStudio/baigoCMS/issues/9 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:baigo:baigo_cms:3.0:alpha2:*:*:*:*:*:*

History

21 Nov 2024, 06:54

Type Values Removed Values Added
References () http://baigocms.com - Broken Link () http://baigocms.com - Broken Link
References () https://github.com/baigoStudio/baigoCMS/ - Product, Third Party Advisory () https://github.com/baigoStudio/baigoCMS/ - Product, Third Party Advisory
References () https://github.com/baigoStudio/baigoCMS/issues/9 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/baigoStudio/baigoCMS/issues/9 - Exploit, Issue Tracking, Third Party Advisory

13 Apr 2022, 20:21

Type Values Removed Values Added
CWE CWE-434
CPE cpe:2.3:a:baigo:baigo_cms:3.0:alpha2:*:*:*:*:*:*
References (MISC) http://baigocms.com - (MISC) http://baigocms.com - Broken Link
References (MISC) https://github.com/baigoStudio/baigoCMS/issues/9 - (MISC) https://github.com/baigoStudio/baigoCMS/issues/9 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://github.com/baigoStudio/baigoCMS/ - (MISC) https://github.com/baigoStudio/baigoCMS/ - Product, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 7.2

06 Apr 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-06 21:15

Updated : 2024-11-21 06:54


NVD link : CVE-2022-26607

Mitre link : CVE-2022-26607

CVE.ORG link : CVE-2022-26607


JSON object : View

Products Affected

baigo

  • baigo_cms
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type