CVE-2022-35239

{"id": "CVE-2022-35239", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-08-16T08:15:08.933", "references": [{"url": "https://jvn.jp/en/vu/JVNVU93696585/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file."}, {"lang": "es", "value": "La p\u00e1gina de administraci\u00f3n de archivos de imagen de SolarView Compact SV-CPT-MC310 Versiones 7.23 y anteriores, y SV-CPT-MC310F Versiones 7.23 y anteriores, contiene una vulnerabilidad de verificaci\u00f3n insuficiente cuando son cargados archivos. Si es explotada esta vulnerabilidad, puede ejecutarse c\u00f3digo PHP arbitrario si un atacante remoto autenticado carga un archivo PHP especialmente dise\u00f1ado."}], "lastModified": "2022-08-18T12:16:32.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:contec:sv-cpt-mc310f_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A1DA5BF-2724-4D2E-8AB1-A1A6A461CF8E", "versionEndExcluding": "7.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:contec:sv-cpt-mc310f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CAC9BA1B-C65A-4EEA-AAD6-88685BC7A4FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DA921A2-7DC7-4955-A3A7-85AE46ACEE0D", "versionEndExcluding": "7.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}