Lucene search
China National Vulnerability DatabaseCNVD-2022-68408HistorySep 28, 2022 - 12:00 a.m.
ZFile arbitrary file upload vulnerability
2022-09-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
19
java-based web development
zfile-dev
remote code execution
EPSS
0.003
Percentile
68.8%
ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious files and remotely execute arbitrary code.
Related
cve
cve
CVE-2022-40050
2022-09-26 20:15:10
cvelist
cvelist
CVE-2022-40050
2022-09-26 19:11:36
nvd
nvd
CVE-2022-40050
2022-09-26 20:15:10
prion
prion
Privilege escalation
2022-09-26 20:15:00