cvedb.io
CVE-2022-42092
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2022-10-07T18:15:23.097 · Last modified 2026-06-17T05:04:20.200

Summary

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.

Affected products

backdropcms — backdrop_cms

Does this affect you?

Add your gear to cvedb and we'll alert you only when backdropcms ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.