How severe is CVE-2022-0377?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2022-0377?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2022-0377 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.

Related Vulnerabilities

CVE-2017-15326

MEDIUM

CVSS:4.3(Medium)

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an inse...

CWE-3272017

CVE-2019-16116

MEDIUM

CVSS:4.3(Medium)

EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.

CWE-3272019

CVE-2020-29536

MEDIUM

CVSS:4.3(Medium)

Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in furthe...

CWE-3272020

CVE-2022-24403

MEDIUM

CVSS:4.3(Medium)

The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient rec...

CWE-3272022

CVE-2022-30320

MEDIUM

CVSS:4.3(Medium)

Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing...

CWE-3272022

CVE-2024-29056

MEDIUM

CVSS:4.3(Medium)

Windows Authentication Elevation of Privilege Vulnerability

CWE-3272024