CVE-2022-23766

BigFileAgent arbitrary file execution vulnerability

CVSS 7.8 HIGH | EPSS 0.5% | CWE-20
Vexday Risk Score
21 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8 | EPSS 0.5% | KEV no | PoC | Nuclei | Metasploit | Patch
Lifecycle
19 Sep 2022: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H