Headline
GHSA-fwvc-9xhj-26v5: Badaso vulnerable to Remote Code Execution via malicious file upload
Badaso allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
Badaso vulnerable to Remote Code Execution via malicious file upload
High severity GitHub Reviewed Published Oct 26, 2022 • Updated Oct 26, 2022
Related news
CVE-2022-41711: Critical Vulnerability · Issue #802 · uasoft-indonesia/badaso
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.