CVE-2022-32061

Name of the Vulnerable Software and Affected Versions Snipe-IT version 6.0.2

Description The issue allows attackers to execute arbitrary code via a crafted file, exploiting an arbitrary file upload vulnerability in the Select User function under the People Menu component.

Recommendations For Snipe-IT version 6.0.2, consider disabling the file upload functionality in the Select User function as a temporary workaround until a patch is available. Restrict access to the People Menu component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.