GHSA-fwvc-9xhj-26v5

Опубликовано: 26 окт. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Badaso vulnerable to Remote Code Execution via malicious file upload

Badaso allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

Ссылки

Пакеты

Наименование

badaso/core

composer

Затронутые версииВерсия исправления

< 2.6.1

2.6.1

EPSS

Процентиль: 93%

0.09998

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-41711

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-41711

CVSS3: 9.8

nvd

больше 3 лет назад

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

EPSS

Процентиль: 93%

0.09998

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-41711

Дефекты

CWE-434