CVE-2022-32060

描述

An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.

受影響套件(1)

• Packagist/snipe/snipe-itfrom 0, <= 6.0.2

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-32060
• PATCHhttps://github.com/snipe/snipe-it
• WEBhttps://github.com/bypazs/CVE-2022-32060
• WEBhttps://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-b15becc1a5ea