CVE-2022-28606 — CRITICAL (9.8)

Vulnerability Description

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bosscms	Bosscms	1.0.0

Related Weaknesses (CWE)

CWE-434

References

https://www.bosscms.net/Broken Link
https://www.cnvd.org.cn/flaw/show/CNVD-2022-04804Third Party Advisory
https://www.cnvd.org.cn/patchInfo/show/313666Third Party Advisory
https://www.bosscms.net/Broken Link
https://www.cnvd.org.cn/flaw/show/CNVD-2022-04804Third Party Advisory
https://www.cnvd.org.cn/patchInfo/show/313666Third Party Advisory

FAQ

What is CVE-2022-28606?

CVE-2022-28606 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.

How severe is CVE-2022-28606?

CVE-2022-28606 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-28606?

Check the references section above for vendor advisories and patch information. Affected products include: Bosscms Bosscms.