CVE-2022-31260

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Montala ResourceSpace versions prior to r19636

Description The issue allows attackers to export collection metadata via a non-NULL k value in the csv export results metadata.php file.

Recommendations For versions prior to r19636, update to a version that includes the fix for this issue, as the specific fixed version is not provided in the available data.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BIT-RESOURCESPACE-2022-31260

CVE-2022-31260

Affected Products

Resourcespace

CVE-2022-31260

Weakness Enumeration

Related Identifiers

Affected Products

References · 6