{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41711", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "assignerShortName": "Fluid Attacks", "dateUpdated": "2025-05-07T19:32:44.015Z", "dateReserved": "2022-09-28T00:00:00.000Z", "datePublished": "2022-10-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2022-10-25T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."}], "affected": [{"vendor": "n/a", "product": "Badaso", "versions": [{"version": "2.6.0", "status": "affected"}]}], "references": [{"url": "https://fluidattacks.com/advisories/harlow/"}, {"url": "https://github.com/uasoft-indonesia/badaso/issues/802"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Remote command execution (RCE)"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.723Z"}, "title": "CVE Program Container", "references": [{"url": "https://fluidattacks.com/advisories/harlow/", "tags": ["x_transferred"]}, {"url": "https://github.com/uasoft-indonesia/badaso/issues/802", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-07T19:32:24.292706Z", "id": "CVE-2022-41711", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T19:32:44.015Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fluidattacks.com/advisories/harlow/", "tags": ["x_transferred"]}, {"url": "https://github.com/uasoft-indonesia/badaso/issues/802", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.723Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-41711", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-07T19:32:24.292706Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T19:32:38.548Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Badaso", "versions": [{"status": "affected", "version": "2.6.0"}]}], "references": [{"url": "https://fluidattacks.com/advisories/harlow/"}, {"url": "https://github.com/uasoft-indonesia/badaso/issues/802"}], "descriptions": [{"lang": "en", "value": "Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Remote command execution (RCE)"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2022-10-25T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41711", "state": "PUBLISHED", "dateUpdated": "2025-05-07T19:32:44.015Z", "dateReserved": "2022-09-28T00:00:00.000Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2022-10-25T00:00:00.000Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uatech:badaso:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F747296-3BE2-4660-95EB-C68E72A79EAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."}, {"lang": "es", "value": "Badaso versi\u00f3n 2.6.0, permite a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario de forma remota en el servidor. Esto es posible porque la aplicaci\u00f3n no comprueba apropiadamente los datos descargados por los usuarios"}], "id": "CVE-2022-41711", "lastModified": "2025-05-07T20:15:22.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-10-25T21:15:49.150", "references": [{"source": "help@fluidattacks.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://fluidattacks.com/advisories/harlow/"}, {"source": "help@fluidattacks.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/uasoft-indonesia/badaso/issues/802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://fluidattacks.com/advisories/harlow/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/uasoft-indonesia/badaso/issues/802"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}