Detections
Analytics

CVE-2022-41711

critical

Description

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

References

https://github.com/uasoft-indonesia/badaso/issues/802

https://fluidattacks.com/advisories/harlow/

Details

Source: Mitre, NVD

Published: 2022-10-25

Updated: 2022-10-28

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical