What is CVE-2022-3982?

CVE-2022-3982 is a vulnerability in Booking Calendar, Appointment System, classified under CWE-434 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE. Published 2022-12-12.

Is CVE-2022-3982 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Booking Calendar, Appointment System

CVE-2022-3982

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE

EPSS: 0.720 (98.8th percentile) — read the EPSS interpretation.

Affected products

Unknown Booking Calendar, Appointment System — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
cyllective/CVEs

References

wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867 (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2022-3982?: CVE-2022-3982 is a vulnerability in Booking Calendar, Appointment System, classified under CWE-434 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE. Published 2022-12-12.
Is CVE-2022-3982 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.