CVE-2022-42458
Published 2022-12-07
Priority: P1 · 83 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.08% (60.8th percentile)
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shift-tech | bingo_!cms | <= 1.7.4.1 | — |
| shift_tech_inc | bingo!cms | — | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-c6jj-hc2x-m9jc: Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1
ghsa_unreviewed·2022-12-07
CVE-2022-42458 [CRITICAL] CWE-287 GHSA-c6jj-hc2x-m9jc: Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1
VulnCheck
shift-tech bingo\!cms Improper Authentication
vulncheck·2022·CVSS 9.8
CVE-2022-42458 [CRITICAL] shift-tech bingo\!cms Improper Authentication
Affected: shift-tech bingo\!cms
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.jpcert.or.jp/english/at/2022/at220026.html
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.