CVE-2022-41217 - Cloudflow - Unauthenticated file upload vulnerability
CVE | CVE-2022-41217
Discovered by |
Credits |
Affected products |
Page author | Victor Pasman
CVSS | Base score: 8.8 (HIGH)
References |
Problem type(s) | CWE-434: Unrestricted Upload of File with Dangerous Type
Impact(s) | CAPEC-650 Upload a Web Shell to a Web Server
Solution(s) | Upgrade to version 2.3.2 of Cloudflow
Last modified | 23 Feb 2023 12:56
Description
Cloudflow contains an unauthenticated file upload vulnerability that allows an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.