PT-2022-26247 · Unknown · Backdrop Cms

Published: 2022-10-07 · Updated: 2024-08-03 · CVE-2022-42092

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Backdrop CMS version 1.22.0

Description

The issue allows attackers to achieve Remote Code Execution via themes due to an Unrestricted File Upload vulnerability. Note that third parties dispute this issue, arguing that advanced permissions are required to exploit it.

Recommendations

For Backdrop CMS version 1.22.0, consider restricting access to the themes component to minimize the risk of exploitation until a fix is available.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-42092
GHSA-33C9-RPPF-M7FQ

Affected Products

Backdrop Cms