PT-2022-17951 · Eziosuite · Eziosuite

Chu1Z1

Published

2022-04-06

Updated

2022-04-13

CVE-2022-26605

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions eZiosuite version 2.0.7

Description The issue concerns an authenticated arbitrary file upload via the Avatar upload functionality.

Recommendations For eZiosuite version 2.0.7, consider disabling the Avatar upload functionality until a patch is available to prevent exploitation. Restrict access to the upload feature to minimize the risk of arbitrary file uploads.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-26605

Affected Products

Eziosuite

PT-2022-17951 · Eziosuite · Eziosuite

CVE-2022-26605

Weakness Enumeration

Related Identifiers

Affected Products

References · 5