← back
CVE-2022-44006

CVE-2022-44006

CVSS 9.8 CRITICALEPSS 1.9%CWE-22
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Nov 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →