CVE-2022-30821

moderate-risk
Published 2022-06-02

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.

Do I need to act?

-
0.42% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Wedding Management System Project

References (2)

Exploit https://github.com/k0xx11/bug_report/blob/main/vendors/codeastro.com/wedding-man...
Exploit https://github.com/k0xx11/bug_report/blob/main/vendors/codeastro.com/wedding-man...
37
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal