CVE-2022-41711
Badaso vulnerable to Remote Code Execution via malicious file upload
CVSS 3.1: 9.8 (CRITICAL)
EPSS: 10.0%
Description
Badaso allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
How to fix CVE-2022-41711
To remediate CVE-2022-41711, upgrade the affected package to the fixed version listed below.
- Packagist/badaso/core: upgrade to 2.6.1 or later
Is CVE-2022-41711 being exploited?
Moderate — EPSS is 10.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- Packagist/badaso/core: from 0, < 2.6.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |