PT-2022-14946 · Unknown · Polonel/Trudesk

Published

2022-06-20

Updated

2022-06-28

CVE-2022-2128

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions polonel/trudesk versions prior to 1.2.4

Description The issue concerns an unrestricted upload of files with dangerous types. This problem is related to the GitHub repository polonel/trudesk.

Recommendations For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-2128

Affected Products

Polonel/Trudesk

PT-2022-14946 · Unknown · Polonel/Trudesk

CVE-2022-2128

Weakness Enumeration

Related Identifiers

Affected Products

References · 6