CVE-2022-45338

Опубликовано: 15 дек. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.

Ссылки

https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272
Third Party Advisory
https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:exactsoftware:exact_synergy:267:-:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp1:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp10:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp11:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp12:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp2:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp3:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp4:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp5:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp6:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp7:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp8:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:267:sp9:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:500:-:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:500:sp1:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:500:sp2:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:500:sp3:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:500:sp4:*:*:enterprise:*:*:*

cpe:2.3:a:exactsoftware:exact_synergy:500:sp5:*:*:enterprise:*:*:*

EPSS

Процентиль: 33%

0.00134

Низкий

7.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-7gx6-h9v6-8h22