Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 | Mitigation Third Party Advisory US Government Resource |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 9.4 |
References | () https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 - Mitigation, Third Party Advisory, US Government Resource |
Information
Published : 2022-06-24 15:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-2102
Mitre link : CVE-2022-2102
CVE.ORG link : CVE-2022-2102
JSON object : View
Products Affected
secheron
- sepcos_control_and_protection_relay_firmware
- sepcos_control_and_protection_relay