exploitDog

CVE-2022-3552

Опубликовано: 17 окт. 2022

Источник: nvd

CVSS3: 7.2

CVSS3: 7.2

EPSS Средний

Описание

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.

Ссылки

http://packetstormsecurity.com/files/171542/BoxBilling-4.22.1.5-Remote-Code-Execution.html
https://github.com/boxbilling/boxbilling/commit/b6705995785eaa8653e876318c9b3d82060dc945
Third Party Advisory
https://huntr.dev/bounties/c6e2973d-386d-4667-9426-10d10828539b
Exploit
Patch
Third Party Advisory
http://packetstormsecurity.com/files/171542/BoxBilling-4.22.1.5-Remote-Code-Execution.html
https://github.com/boxbilling/boxbilling/commit/b6705995785eaa8653e876318c9b3d82060dc945
Third Party Advisory
https://huntr.dev/bounties/c6e2973d-386d-4667-9426-10d10828539b
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boxbilling:boxbilling:*:*:*:*:*:*:*:*

Версия до 0.0.1 (исключая)

EPSS

Процентиль: 99%

0.68915

Средний

7.2 High

CVSS3

7.2 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-r3mf-wrm4-mjqq

CVSS3: 7.2

github

больше 3 лет назад

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.

EPSS

Процентиль: 99%

0.68915

Средний

7.2 High

CVSS3

7.2 High

CVSS3

Дефекты

CWE-434

CWE-434