CVE-2022-45891

Name of the Vulnerable Software and Affected Versions Planet eStream versions prior to 6.72.10.07

Description The issue allows attackers to call restricted functions and perform unauthenticated uploads via the "Upload2.ashx" endpoint or access content uploaded by other users through "View.aspx" after using "Ajax.asmx/SaveGrantAccessList".

Recommendations For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Upload2.ashx" endpoint and limiting the use of "Ajax.asmx/SaveGrantAccessList" to minimize the risk of exploitation.