CVE-2022-42458
CRITICAL EXPLOITED IN THE WILD
bingo!CMS < 1.7.4.1 - Unauthenticated Authentication Bypass and Arbitrary File Upload
Title source: llm
Exploitation Summary
CVE-2022-42458 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
References (2)
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN74592196/index.html
Vendor Advisory
https://www.bingo-cms.jp/information/20221011.html
Scores
CVSS v3
9.8
EPSS
0.0108
EPSS Percentile
60.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2022-10-11
InTheWild.io
2022-10-11
CWE
CWE-287
Status
published
Products (1)
shift-tech/bingo!cms
< 1.7.4.1
Published
Dec 07, 2022
Tracked Since
Feb 18, 2026