CVE-2022-39978

{"id": "CVE-2022-39978", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-10-27T20:15:34.373", "references": [{"url": "https://github.com/z1pwn/bug_report/blob/main/vendors/oretnom23/online-pet-shop-we-app/RCE-1.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point."}, {"lang": "es", "value": "Se descubri\u00f3 que Online Pet Shop We App v1.0 conten\u00eda una vulnerabilidad de carga de archivos arbitraria a trav\u00e9s de la funci\u00f3n de Editing en el m\u00f3dulo Product List. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo PHP manipulado y cargado a trav\u00e9s del punto de carga de la imagen."}], "lastModified": "2022-10-28T19:06:21.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:online_pet_shop_we_app_project:online_pet_shop_we_app:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55AD129C-1298-41BA-8500-D9B677025B29"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}