CVE-2022-42092Unrestricted File Upload in Backdrop

CWE-434Unrestricted File Upload4 documents4 sources
Severity
7.2HIGHNVD
EPSS
1.7%
top 17.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
BackdropBackdropcms Backdrop CMS
Timeline
PublishedOct 7

Description

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

Packagistbackdrop/backdrop1.22.0

🔴Vulnerability Details

3
OSV
Backdrop CMS Unrestricted File Upload vulnerability2022-10-07
GHSA
Backdrop CMS Unrestricted File Upload vulnerability2022-10-07
CVEList
CVE-2022-42092: Backdrop CMS 12022-10-07
CVE-2022-42092 — Unrestricted File Upload in Backdrop | cvebase