CVE-2022-41705
Badaso vulnerable to Remote Code Execution (RCE)
CVSS 3.1: 9.8 (CRITICAL)
EPSS: 11.8%
Description
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code on the server. This is possible because the application does not properly validate the data uploaded by users.
How to fix CVE-2022-41705
To remediate CVE-2022-41705, upgrade the affected package to the fixed version listed below.
- Packagist/badaso/core: upgrade to 2.7.0 or later
Is CVE-2022-41705 being exploited?
Moderate — EPSS is 11.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |