FeMiner wms unrestricted upload
CVE-2022-4272

6.3MEDIUM

Key Information:

Vendor: Feminer
Status: Wms
Vendor: CVE Published:; 3 December 2022

What is CVE-2022-4272?

A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.

Affected Version(s)

wms

References

https://github.com/FeMiner/wms/issues/14

https://vuldb.com/?id.214760

http://www.openwall.com/lists/oss-security/2023/04/26/1

mailing-list

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 3, 2022
Vulnerability Reserved
Dec 3, 2022

JSON

Feminer

What is CVE-2022-4272?

Affected Version(s)

References

CVSS V3.1

Timeline