CVE-2022-45275

CVSS V2 None CVSS V3 None

Description

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Overview

CVE ID
CVE-2022-45275

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2022-12-12T20:15:10

Last Modified Date
2022-12-15T13:52:15

Weakness Enumerations

CWE	URL
CWE-434	http://cwe.mitre.org/data/definitions/434.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:dynamic_transaction_queuing_system_project:dynamic_transaction_queuing_system:1.0:::::::*	1	OR

References

Reference URL	Reference Tags
https://github.com/ATKF/bug_report/blob/main/vendors/oretnom23/dynamic-transaction-queuing-system/RCE-1.md

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-45275
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45275

History

Created	Old Value	New Value	Data Type	Notes
2022-12-12 20:15:51				Added to TrackCVE
2022-12-13 02:15:09	2022-12-12T20:15:10.787	2022-12-12T20:15:10	CVE Published Date	updated
2022-12-13 02:15:09		2022-12-13T01:45:52	CVE Modified Date	updated
2022-12-13 02:15:09	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-13 15:15:08	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-15 16:17:50		2022-12-15T13:52:15	CVE Modified Date	updated
2022-12-15 16:17:50	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-15 16:17:50		CWE-434	Weakness Enumeration	new
2022-12-15 16:17:50			CPE Information	updated