cbcvebase.
CVE-2022-2102
published 2022-06-24

CVE-2022-2102: Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and…

PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.85%
53.4th percentile
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.

Affected

4 ranges
VendorProductVersion rangeFixed in
secheronsepcos_control_and_protection_relay_firmware>= 1.23.0 < 1.23.211.23.21
secheronsepcos_control_and_protection_relay_firmware>= 1.24.0 < 1.24.81.24.8
secheronsepcos_control_and_protection_relay_firmware>= 1.25.0 < 1.25.31.25.3
secheronsepcos_control_and_protection_relay_firmware_package>= All versions < 1.23.211.23.21

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.