PT-2022-19100 · Wenzhou Huoyin Information Technology Co. · Bosscms

Published

2022-05-05

Updated

2022-05-13

CVE-2022-28606

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wenzhou Huoyin Information Technology Co., Ltd. BossCMS version 1.0

Description An arbitrary file upload issue exists, which can be exploited by an attacker to gain control of the server.

Recommendations For Wenzhou Huoyin Information Technology Co., Ltd. BossCMS version 1.0, consider restricting file upload capabilities to prevent exploitation until a fix is available.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-28606

Affected Products

Bosscms

PT-2022-19100 · Wenzhou Huoyin Information Technology Co. · Bosscms

CVE-2022-28606

Weakness Enumeration

Related Identifiers

Affected Products

References · 5