CVE-2022-3771
31.10.2022, 14:15
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| easyiicms | easyiicms | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-266 - Incorrect Privilege AssignmentA product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
- CWE-434 - Unrestricted Upload of File with Dangerous TypeThe software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.