CVE-2022-29623

Name of the Vulnerable Software and Affected Versions Connect-Multiparty version 2.2.0

Description An arbitrary file upload vulnerability in the file upload module allows attackers to execute arbitrary code via a crafted PDF file.

Recommendations For Connect-Multiparty version 2.2.0, consider disabling the file upload module until a patch is available to prevent exploitation. Restrict access to the file upload functionality to minimize the risk of arbitrary code execution. Avoid using the file upload feature with untrusted or unknown PDF files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.