Home > Vulnerability Database > CVE-2022-3944

Mend.io Vulnerability Database

CVE-2022-3944

Date: November 10, 2022

A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451.

Language: PHP

Severity Score

6.3

Related Resources (4)

Url: https://vuldb.com/?id.213451

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3944

Url: https://github.com/jerryhanjj/ERP/issues/3

Url: https://www.mend.io/vulnerability-database/CVE-2022-3944

Severity Score

6.3

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Incorrect Privilege Assignment

CWE-266

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3944

Date: November 10, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?