File Upload Vulnerability in Purchase Order Management System by Oretnom23
CVE-2022-44400

9.8CRITICAL

Key Information:

Vendor: Purchase Order Management System Project
Status: Purchase Order Management System
Vendor: CVE Published:; 28 November 2022

🔔 Create Purchase Order Management System Project Vulnerability Alert

What is CVE-2022-44400?

The Purchase Order Management System version 1.0 is susceptible to a file upload vulnerability, allowing unauthorized users to upload malicious files via the /purchase_order/admin/?page=system_info endpoint. This weakness can lead to potential code execution or data breaches, putting sensitive information at risk. It is crucial for users of this system to implement immediate updates and security measures to mitigate potential threats.

References

https://github.com/lcg-22266/bug_report/blob/main/vendors...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2022
Vulnerability Reserved
Oct 30, 2022

CVE-2022-44400 Data

JSON