CVE-2022-42229

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wedding Planner version 1.0

Description The issue allows for arbitrary code execution via the "package edit.php" endpoint.

Recommendations For version 1.0, update to a version that fixes this issue, if available, or consider disabling access to the "package edit.php" endpoint as a temporary workaround to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-42229

Affected Products

Wedding Planner

CVE-2022-42229

Weakness Enumeration

Related Identifiers

Affected Products

References · 4