Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/headhunterz/ | Exploit Third Party Advisory |
https://github.com/uasoft-indonesia/badaso/ | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2022-11-25T00:00:00
Updated: 2022-11-25T00:00:00
Reserved: 2022-09-28T00:00:00
Link: CVE-2022-41705
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-11-25T18:15:10.980
Modified: 2022-11-30T16:08:42.933
Link: CVE-2022-41705
JSON object: View
Redhat Information
No data.
CWE