Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/harlow/ | Exploit Issue Tracking Third Party Advisory |
https://github.com/uasoft-indonesia/badaso/issues/802 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2022-10-25T00:00:00
Updated: 2022-10-25T00:00:00
Reserved: 2022-09-28T00:00:00
Link: CVE-2022-41711
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-25T21:15:49.150
Modified: 2022-10-28T17:51:09.530
Link: CVE-2022-41711
JSON object: View
Redhat Information
No data.
CWE