CVE-2022-45338

Sažetak

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.

Reference

https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272
https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

21-04-2025 - 15:15

Objavljeno

15-12-2022 - 23:15