CVE-2022-39833

Опубликовано: 23 нояб. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.

Ссылки

https://gist.github.com/DylanGrl/4b4e0d53bb7626b2ab3f834ec5a2b23c
Exploit
Third Party Advisory
https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution
Vendor Advisory
https://gist.github.com/DylanGrl/4b4e0d53bb7626b2ab3f834ec5a2b23c
Exploit
Third Party Advisory
https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:filecloud:filecloud:*:*:*:*:*:*:*:*

Версия от 20.2 (включая) до 21.3.7.18607 (исключая)

EPSS

Процентиль: 93%

0.09547

Низкий

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-94

Связанные уязвимости

GHSA-898w-r5qq-x64c