CVE-2022-44786

EUVD-2022-47718
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application.
PHP Remote File Inclusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
maggioliappalti_\&_contratti
9.12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/
https://members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/