CVE-2022-3771: Incorrect Privilege Assignment

October 31, 2022 (updated November 9, 2023)

A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.

References

github.com/advisories/GHSA-vqvm-qrwh-69h7
nvd.nist.gov/vuln/detail/CVE-2022-3771
vuldb.com/?id.212501

Code Behaviors & Features

Detect and mitigate CVE-2022-3771 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →