CVE-2022-4774
Published: 2023-05-15
Priority: P266
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.79% (75.5th percentile)
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitapps | bit_form | < 1.9 | 1.9 |
CVSS provenance
- NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Red Hat (vendor): 5.5 MEDIUM
GHSA
GHSA-5267-x3g9-g6x7 (unreviewed, 2023-05-15): CVE-2022-4774 [CRITICAL] CWE-434
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution.
Red Hat
CVE-2022-1420 [MEDIUM] CWE-125: vim: Out-of-range Pointer Offset (vendor_redhat, 2022-04-21, CVSS 5.5)
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
A vulnerability was found in Vim. The issue occurs when a number is used in a string for the lambda name, triggering an out-of-range pointer offset. This flaw allows an attacker to trick a user into opening a crafted script that supplies an argument as a number which is then used as a string pointer, so that any memory location can be accessed, causing the application to crash and possibly disclosing some memory.
Mitigation: running untrusted Vim scripts with -s [scriptin] is not recommended.
Package: vim (Red Hat Enterprise Linux 6) - Not affected
Package: vim (Red Hat Enterprise Linux 7) - Not affected
Package: vim (Red Hat Enterprise Linux 8) - Not affected
Package: vim (Red Ha
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.