CVE-2022-2419
published 2022-07-15CVE-2022-2419: A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file…
PriorityP355high8CVSS 3.1
AVAACLPRLUINSUCHIHAH
EPSS
12.79%
95.8th percentile
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| urve | web_manager | — | — |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cisa8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q9gf-w74w-fcgj: A vulnerability was found in URVE Web Manager
ghsa_unreviewed·2022-07-16
CVE-2022-2419 [HIGH] CWE-434 GHSA-q9gf-w74w-fcgj: A vulnerability was found in URVE Web Manager
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
CISA
Microsoft Internet Explorer Memory Corruption Vulnerability
cisa·2022-03-28·CVSS 8.8
CVE-2015-2419 [HIGH] CWE-119 Microsoft Internet Explorer Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2419
Remediation Due Date: 2022-04-18
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20upload.php%20File%20upload%20vulnerability.mdhttps://vuldb.com/?id.203902https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20upload.php%20File%20upload%20vulnerability.mdhttps://vuldb.com/?id.203902
2022-07-15
Published