This can lead to remote code execution and information leak. Attackers can also inject malicious code into /diagnostic/editclient.php?id=; /diagnostic/editclient.php?id=; /diagnostic/newclient.php?id=; /diagnostic/newclient.php?id=; /diagnostic/search.php?type=&adv=1; /diagnostic/search.php?type=&adv=1; /diagnostic/search.php?type=&adv=1; /diagnostic/addclients.php?id=; /diagnostic/editclients.php?id=; /diagnostic/newclients.php?id=; /diagnostic/search.php?type=&adv=1; /diagnostic/search.php?type=&adv=1; /diagnostic/search.php?type=&adv=1; /diagnostic/addclients.php?id=; /diagnostic/editclients.php?id=; /diagnostic/newclients.php?id=; /report/editreport.php?id=; /report/editreport.php?id=; /report/newreport.php?id=; /report/editreport.php?id=; /report/newreport.php?id=; /report/search.php?type=&
Introduction
CVE-2022-42073 is a vulnerability that affects the software of three different CMSs, including WordPress, Joomla!, and Drupal. This vulnerability could allow an unauthenticated attacker to remotely execute code on a vulnerable system.
The flaw exists in the way that the affected software handles user input. An attacker with a low skill level would have limited success exploiting this vulnerability. However, attackers with enough skill can exploit this flaw to gain remote code execution and potentially access information on the target system.
2.3.1
. Remote Code Execution
CVE-2022-42073
This can lead to remote code execution and information leak. Attackers can also inject malicious code into /diagnostic/editclient.php?id=; /diagnostic/editclient.php?id=; /diagnostic/newclient.php?id=; /diagnostic/newclient.php?id=; /diagnostic/search.php?type=&adv=1; /diagnostic/search.php?type=&adv=1; /diagnostic/addclients.php?id=; /diagnostic/editclients.php?id=; /diagnostic/newclients.php?id=; /report/editreport.php?id=; /report/editreport.php?id=; /report/newreport.php?id=;
Timeline
Published on: 10/07/2022 19:15:00 UTC
Last modified on: 10/10/2022 02:26:00 UTC