CVE-2022-29622

Name of the Vulnerable Software and Affected Versions formidable version 3.1.4 formidable version 3.2.4

Description An arbitrary file upload vulnerability in formidable allows attackers to execute arbitrary code via a crafted filename. Some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled.

Recommendations For version 3.1.4, consider disabling the file upload functionality until a patch is available. For version 3.2.4, consider restricting access to the file upload feature to minimize the risk of exploitation. As a temporary workaround, consider changing the configuration options to alter the default behavior of how files are handled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.