exploitDog

CVE-2022-41712

Опубликовано: 25 нояб. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.

Ссылки

https://fluidattacks.com/advisories/kiniza/
Exploit
Third Party Advisory
https://github.com/frappe/frappe/
Product
https://fluidattacks.com/advisories/kiniza/
Exploit
Third Party Advisory
https://github.com/frappe/frappe/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:frappe:frappe:14.10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00361

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-rfgc-5r25-fw46

CVSS3: 6.5

github

около 3 лет назад

Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.

EPSS

Процентиль: 58%

0.00361

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22