{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41711", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "assignerShortName": "Fluid Attacks", "dateUpdated": "2024-08-03T12:49:43.723Z", "dateReserved": "2022-09-28T00:00:00", "datePublished": "2022-10-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2022-10-25T00:00:00"}, "descriptions": [{"lang": "en", "value": "Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."}], "affected": [{"vendor": "n/a", "product": "Badaso", "versions": [{"version": "2.6.0", "status": "affected"}]}], "references": [{"url": "https://fluidattacks.com/advisories/harlow/"}, {"url": "https://github.com/uasoft-indonesia/badaso/issues/802"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Remote command execution (RCE)"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.723Z"}, "title": "CVE Program Container", "references": [{"url": "https://fluidattacks.com/advisories/harlow/", "tags": ["x_transferred"]}, {"url": "https://github.com/uasoft-indonesia/badaso/issues/802", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uatech:badaso:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F747296-3BE2-4660-95EB-C68E72A79EAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."}, {"lang": "es", "value": "Badaso versi\u00f3n 2.6.0, permite a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario de forma remota en el servidor. Esto es posible porque la aplicaci\u00f3n no comprueba apropiadamente los datos descargados por los usuarios"}], "id": "CVE-2022-41711", "lastModified": "2022-10-28T17:51:09.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-25T21:15:49.150", "references": [{"source": "help@fluidattacks.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://fluidattacks.com/advisories/harlow/"}, {"source": "help@fluidattacks.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/uasoft-indonesia/badaso/issues/802"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}