CVE-2022-42458 Information

Description

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result an arbitrary script may be executed and/or a file may be altered.

Reference

https://www.bingo-cms.jp/information/20221011.html https://jvn.jp/en/jp/JVN74592196/index.html