CVE-2022-30821

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
wedding_management_system_projectwedding_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/k0xx11/bug_report/blob/main/vendors/codeastro.com/wedding-management-system/RCE-2.md
https://github.com/k0xx11/bug_report/blob/main/vendors/codeastro.com/wedding-management-system/RCE-2.md