CVE-2022-41711

Source
https://cve.org/CVERecord?id=CVE-2022-41711
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41711.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41711
Aliases
Published
2022-10-25T00:00:00Z
Modified
2026-07-08T05:58:43.990889190Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41711.json",
    "cna_assigner": "Fluid Attacks"
}
References

Affected packages

Git / github.com/uasoft-indonesia/badaso

Affected ranges

Type
GIT
Repo
https://github.com/uasoft-indonesia/badaso
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ],
    "cpe": "cpe:2.3:a:uatech:badaso:2.6.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.6.0"
        },
        {
            "last_affected": "2.6.0"
        }
    ]
}

Affected versions

2.*
2.6.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41711.json"