CVE-2022-37346 The Product Image Bulk Upload Plugin has an insufficient verification vulnerability when uploading files.

There is currently no known exploit for this issue. However, we recommend updating to version 4.1.0 or higher as soon as possible. Vulnerable versions: 4.0.0- 4.0.1 4.1.0 vulnerable versions: 4.1.0 4.2.0-4.3.0

What is the Apache Tomcat software?

Apache Tomcat is software that is used to serve web content. It was created by the Apache Software Foundation in 1999, and it is a servlet engine which implements the Java Servlet API specification.
Tomcat includes both server-side and client-side code for running Java code, as well as for running applications written in other languages.

Products Affected by CVE-2022-37346

- All products running on the affected versions of the software.

- All Android and iOS devices with any of those installed.

- All websites running on any of those versions.

Summary

A vulnerability has been discovered on the "CMS_V4" component in WordPress. This issue affects versions 4.0.0-4.3.0, and has been assigned CVE-2022-37346
The following is a summary of this issue:
Exploitation of this issue may allow attackers to cause denial of service conditions on an affected site, gain unauthorized access to a site, execute arbitrary code on a site, or obtain sensitive information from a site.

Cisco NX-OS Software Vulnerable to Code Execution

A vulnerability has been identified in Cisco NX-OS Software. This vulnerability could allow an authenticated, local attacker to gain elevated privileges and execute code as root. No exploit is known; however, we recommend that you update to version 4.1.0 or higher as soon as possible.

Timeline

Published on: 09/27/2022 23:15:00 UTC
Last modified on: 09/30/2022 19:25:00 UTC

References

• https://www.ec-cube.net/info/weakness/20220909/product_images_uploader.php
• https://jvn.jp/en/jp/JVN30900552/index.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37346