PT-2022-27473 · Exact · Exact Synergy Enterprise

Max Rozendaal · Published 2022-12-15 · Updated 2022-12-21 · CVE-2022-45338

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Exact Synergy Enterprise 267 versions prior to 267SP13

Exact Synergy Enterprise 500 versions prior to 500SP6

Description

The issue concerns an arbitrary file upload vulnerability in the profile picture upload function, allowing attackers to execute arbitrary code via a crafted SVG file.

Recommendations

For Exact Synergy Enterprise 267 versions prior to 267SP13, update to version 267SP13 or later.

For Exact Synergy Enterprise 500 versions prior to 500SP6, update to version 500SP6 or later.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-45338

Affected Products

Exact Synergy Enterprise