PT-2022-20718 · Eve-Ng · Eve-Ng
Erpaciocco · Published 2022-10-20 · Updated 2025-05-08
CVE-2022-31366
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
EVE-NG version 2.0.3-112 Community
Description
The issue is an arbitrary file upload vulnerability in the apiImportLabs function within api labs.php. This vulnerability allows attackers to execute arbitrary code by uploading a crafted UNL file.
Recommendations
For EVE-NG version 2.0.3-112 Community, consider disabling the apiImportLabs function in api labs.php as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the api labs.php file to minimize the risk of arbitrary code execution. Avoid using the apiImportLabs function until the issue is resolved.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Eve-Ng