PT-2022-20358 · Fudforum · Fudforum

Sonnguyen3496 · Published 2022-06-06 · Updated 2022-06-14 · CVE-2022-30860

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FUDforum version 3.1.2

Description

The issue allows for Remote Code Execution through the Upload File feature of the File Administration System in the Admin Control Panel.

Recommendations

For FUDforum version 3.1.2, consider disabling the Upload File feature in the Admin Control Panel as a temporary workaround until a patch is available. Restrict access to the File Administration System to minimize the risk of exploitation.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-30860

Affected Products

Fudforum