← voltar
CVE-2022-24387

File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010

CVSS 9.1 CRITICALEPSS 1.5%CWE-434
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
SmarterTools · SmarterTrack

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://csirt.divd.nl/CVE-2022-24387/https://csirt.divd.nl/DIVD-2021-00029https://csrit.divd.nl/CVE-2022-24387