CVE-2022-41705

{"id": "CVE-2022-41705", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-11-25T18:15:10.980", "references": [{"url": "https://fluidattacks.com/advisories/headhunterz/", "tags": ["Exploit", "Third Party Advisory"], "source": "help@fluidattacks.com"}, {"url": "https://github.com/uasoft-indonesia/badaso/", "tags": ["Product"], "source": "help@fluidattacks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."}, {"lang": "es", "value": "La versi\u00f3n 2.6.3 de Badaso permite que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario de forma remota en el servidor. Esto es posible porque la aplicaci\u00f3n no valida adecuadamente los datos cargados por los usuarios."}], "lastModified": "2022-11-30T16:08:42.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uatech:badaso:2.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40BA014C-FC30-4A89-AF50-C47869048E82"}], "operator": "OR"}]}], "sourceIdentifier": "help@fluidattacks.com"}