CVE-2022-46610

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 72crm version 9

Description The issue is related to an arbitrary file upload vulnerability via the avatar upload function, allowing attackers to execute arbitrary code by uploading a crafted PHP file.

Recommendations For 72crm version 9, consider disabling the avatar upload function until a patch is available to prevent exploitation of this issue. Restrict access to the vulnerable function to minimize the risk of arbitrary code execution.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-46610

Affected Products

72Crm

CVE-2022-46610

Weakness Enumeration

Related Identifiers

Affected Products

References · 7