CRITICAL🇬🇧 English

CVE-2022-2102

CVSS 9.4v3.1pub. 2022-06-24upd. 2024-11-21

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
  • Secheron Sepcos Control And Protection Relay

    HW
    Secheron
    wszystkie wersje
  • Secheron Sepcos Control And Protection Relay Firmware

    OS
    Secheron
    1.23.0 – 1.23.21 (bez)1.24.0 – 1.24.8 (bez)1.25.0 – 1.25.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-1668CRITICAL9.8ten sam produkt

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the op...

CVE-2022-2103CRITICAL9.8ten sam produkt

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read...

CVE-2022-2104CRITICAL9.9ten sam produkt

The www-data (Apache web server) account is configured to run sudo with no password for many commands (includi...

CVE-2022-2105CRITICAL9.4ten sam produkt

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authenticat...

CVE-2022-1667HIGH7.5ten sam produkt

Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., fro...