Skip to main content

CVE-2022-3982

Description

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE

NVD
Severity: CRITICAL
CVE ID: CVE-2022-3982
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2022-3982

Refrence: Project Discovery GitHub

Description
Proof Of Concept