GHSA-g389-rf5p-fg56

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-g389-rf5p-fg56/GHSA-g389-rf5p-fg56.json
Aliases
  • CVE-2022-41705
Published
2022-11-25T18:30:25Z
Modified
2023-01-31T02:36:11.635721Z
Details

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

References

Affected packages

Packagist / badaso/core

badaso/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
2.7.0

Affected versions

1.*

1.0.0
1.0.0-alpha.1
1.0.0-alpha.10
1.0.0-alpha.11
1.0.0-alpha.12
1.0.0-alpha.13
1.0.0-alpha.14
1.0.0-alpha.15
1.0.0-alpha.16
1.0.0-alpha.17
1.0.0-alpha.18
1.0.0-alpha.19
1.0.0-alpha.2
1.0.0-alpha.20
1.0.0-alpha.21
1.0.0-alpha.22
1.0.0-alpha.23
1.0.0-alpha.24
1.0.0-alpha.25
1.0.0-alpha.26
1.0.0-alpha.27
1.0.0-alpha.28
1.0.0-alpha.29
1.0.0-alpha.3
1.0.0-alpha.30
1.0.0-alpha.31
1.0.0-alpha.32
1.0.0-alpha.33
1.0.0-alpha.34
1.0.0-alpha.35
1.0.0-alpha.36
1.0.0-alpha.37
1.0.0-alpha.38
1.0.0-alpha.39
1.0.0-alpha.4
1.0.0-alpha.40
1.0.0-alpha.5
1.0.0-alpha.6
1.0.0-alpha.7
1.0.0-alpha.8
1.0.0-alpha.9
1.0.0-rc
1.0.0-rc.1
1.0.0-rc.10
1.0.0-rc.11
1.0.0-rc.12
1.0.0-rc.13
1.0.0-rc.14
1.0.0-rc.15
1.0.0-rc.2
1.0.0-rc.3
1.0.0-rc.4
1.0.0-rc.5
1.0.0-rc.6
1.0.0-rc.7
1.0.0-rc.8
1.0.0-rc.9
1.0.1
1.0.2

2.*

2.0.0
2.0.0-alpha
2.0.0-rc
2.0.0-rc.1
2.0.0-rc.10
2.0.0-rc.11
2.0.0-rc.12
2.0.0-rc.13
2.0.0-rc.14
2.0.0-rc.2
2.0.0-rc.3
2.0.0-rc.4
2.0.0-rc.5
2.0.0-rc.6
2.0.0-rc.7
2.0.0-rc.8
2.0.0-rc.9
2.0.1
2.0.2
2.1.0
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.4.0
2.4.1
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.5.0
2.5.1
2.5.2
2.5.3
2.6.0
2.6.1
2.6.2
2.6.3