CVE-2022-38484

{"id": "CVE-2022-38484", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-25T18:17:14.550", "references": [{"url": "https://citadelo.com/download/CVE-2022-38484.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges."}, {"lang": "es", "value": "Existe una vulnerabilidad de carga de archivos arbitrarios y directory traversal en la funcionalidad de carga de archivos del men\u00fa Configuraci\u00f3n del sistema en AgeVolt Portal antes de la versi\u00f3n 0.1. Un atacante autenticado remotamente podr\u00eda aprovechar esta vulnerabilidad para cargar archivos en cualquier ubicaci\u00f3n del sistema operativo de destino con privilegios de servidor web."}], "lastModified": "2023-10-30T18:20:44.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:agevolt:agevolt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF5D8B0B-E50B-443C-B9D3-3F9917A97296", "versionEndExcluding": "0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}