exploitDog

CVE-2022-41711

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

Ссылки

https://fluidattacks.com/advisories/harlow/
Exploit
Issue Tracking
Third Party Advisory
https://github.com/uasoft-indonesia/badaso/issues/802
Issue Tracking
Third Party Advisory
https://fluidattacks.com/advisories/harlow/
Exploit
Issue Tracking
Third Party Advisory
https://github.com/uasoft-indonesia/badaso/issues/802
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uatech:badaso:2.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.09998

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-fwvc-9xhj-26v5

CVSS3: 9.8

github

больше 3 лет назад

Badaso vulnerable to Remote Code Execution via malicious file upload

EPSS

Процентиль: 93%

0.09998

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434