CVE-2022-26521

{"id": "CVE-2022-26521", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-03-10T17:47:46.260", "references": [{"url": "http://packetstormsecurity.com/files/171487/Abantecart-1.3.2-Remote-Code-Execution.html", "source": "cve@mitre.org"}, {"url": "https://github.com/sartlabs/0days/blob/main/Abantecart/Exploit.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/171487/Abantecart-1.3.2-Remote-Code-Execution.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/sartlabs/0days/blob/main/Abantecart/Exploit.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type)."}, {"lang": "es", "value": "Abantecart versiones hasta 1.3.2, permite a administradores remotos autenticados ejecutar c\u00f3digo arbitrario subiendo un archivo ejecutable, ya que la configuraci\u00f3n Catalog)Media Manager)Images settings puede ser cambiada por un administrador (por ejemplo, configurando .php para que sea un tipo de archivo de imagen v\u00e1lido)"}], "lastModified": "2024-11-21T06:54:06.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abantecart:abantecart:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B39DB261-95DE-434D-8545-583B5B0CD813", "versionEndIncluding": "1.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}