CVE-2022-47769

{"id": "CVE-2022-47769", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-02-01T02:15:07.860", "references": [{"url": "http://serenissima.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.swascan.com/it/security-advisory-serenissima-informatica-fastcheckin/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell."}], "lastModified": "2023-02-08T01:37:42.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:serinf:fast_checkin:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "043ABA12-227C-43FF-BF48-0E0C552FD10E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}