CVE-2022-30821

EUVD-2022-52633
In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
wedding_management_system_projectwedding_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/k0xx11/bug_report/blob/main/vendors/codeastro.com/wedding-management-system/RCE-2.md
https://github.com/k0xx11/bug_report/blob/main/vendors/codeastro.com/wedding-management-system/RCE-2.md