CVE-2022-4272

Published: Dec 3, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.

Affected (1)

Products: Warehouse Management System Project: Warehouse Management System

Warehouse Management System Project

1 product

Warehouse Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Warehouse Management System Project Warehouse Management System	All versions

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://www.openwall.com/lists/oss-security/2023/04/26/1

Source: cna@vuldb.com

https://github.com/FeMiner/wms/issues/14

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?id.214760

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2023/04/26/1

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/FeMiner/wms/issues/14

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?id.214760

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.