CVE-2022-41711 – badaso/core

Package

Manager: composer
Name: badaso/core
Vulnerable Version: >=0 <2.6.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.04176 pctl0.88251

Details

Badaso vulnerable to Remote Code Execution via malicious file upload Badaso allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

Metadata

Created: 2022-10-26T12:00:31Z
Modified: 2022-10-31T15:41:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-fwvc-9xhj-26v5/GHSA-fwvc-9xhj-26v5.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-fwvc-9xhj-26v5
Finding: F027
Auto approve: 1