CVE-2022-45171

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions.
References
Link Resource
https://www.gruppotim.it/it/footer/red-team.html Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*

History

26 Jul 2024, 18:20

Type Values Removed Values Added
CWE CWE-434
First Time Liveboxcloud
Liveboxcloud vdesk
CPE cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References () https://www.gruppotim.it/it/footer/red-team.html - () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory

29 May 2024, 13:02

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en LIVEBOX Collaboration vDesk hasta v018. Se puede realizar una carga sin restricciones de un archivo con un tipo peligroso en la sección del sitio web de vShare. Un usuario remoto, autenticado en el producto, puede cargar arbitrariamente archivos potencialmente peligrosos sin restricciones.

28 May 2024, 20:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-28 20:16

Updated : 2024-08-26 14:35


NVD link : CVE-2022-45171

Mitre link : CVE-2022-45171

CVE.ORG link : CVE-2022-45171


JSON object : View

Products Affected

liveboxcloud

  • vdesk
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type