← volver
CVE-2022-23766

BigFileAgent arbitrary file execution vulnerability

CVSS 7.8 HIGHEPSS 0.5%CWE-20
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 sep 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H