Lucene search
K

CVE-2022-24251

🗓️ 01 Mar 2022 23:00:09Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 93 Views🌐 WEB

Extensis Portfolio v4.0 authenticated file upload vulnerabilit

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-24251
1 Mar 202223:15
attackerkb
CNNVD
Celartem Extensis Portfolio 代码问题漏洞
23 Feb 202200:00
cnnvd
Check Point Advisories
Extensis Portfolio Multiple Vulnerabilities (CVE-2022-24251; CVE-2022-24252; CVE-2022-24253; CVE-2022-24254)
21 Mar 202200:00
checkpoint_advisories
Cvelist
CVE-2022-24251
1 Mar 202223:00
cvelist
EUVD
EUVD-2022-29158
3 Oct 202520:07
euvd
NVD
CVE-2022-24251
1 Mar 202223:15
nvd
OSV
CVE-2022-24251
1 Mar 202223:15
osv
Packet Storm
📄 Extensis Portfolio Manager 4.0.1 Shell Upload
17 Feb 202600:00
packetstorm
Prion
Unrestricted file upload
1 Mar 202223:15
prion
RedhatCVE
CVE-2022-24251
22 May 202523:58
redhatcve
Rows per page
NVD
Node
ParameterPositionPathDescriptionCWE
sessionquery param/api/v1/catalogRetrieve catalog information required to locate filesystem/watchfolder for exploitationCWE-434
userNamerequest body/api/v1/auth/loginAuthenticated login endpoint used after encrypting credentials with server public keyCWE-434
encryptedPasswordrequest body/api/v1/auth/loginAuthenticated login endpoint used after encrypting credentials with server public keyCWE-434
sessionrequest body/api/v1/catalog/{catalog_id}/watchfolderFetch watchfolder details for a catalog to determine write pathCWE-434
filemultipart/form-data upload/api/v1/catalog/{catalog_id}/watchfolder/{watchfolder_id}/uploadUnauthenticated? file upload to a watchfolder which can be misused for webshell deploymentCWE-434
pathmultipart/form-data upload/api/v1/catalog/{catalog_id}/watchfolder/{watchfolder_id}/uploadUnauthenticated? file upload to a watchfolder which can be misused for webshell deploymentCWE-434
filenamemultipart/form-data upload/api/v1/catalog/{catalog_id}/watchfolder/{watchfolder_id}/uploadUnauthenticated? file upload to a watchfolder which can be misused for webshell deploymentCWE-434
embedrequest body/api/v1/catalog/{catalog_id}/asset/updateFieldValuesUpdate asset fields to rename or repurpose uploaded artifacts (e.g., webshell)CWE-434
queryrequest body/api/v1/catalog/{catalog_id}/asset/updateFieldValuesUpdate asset fields to rename or repurpose uploaded artifacts (e.g., webshell)CWE-434
changesrequest body/api/v1/catalog/{catalog_id}/asset/updateFieldValuesUpdate asset fields to rename or repurpose uploaded artifacts (e.g., webshell)CWE-434
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:31Current
8.7High risk
Vulners AI Score8.7
CVSS 26.5
CVSS 3.18.8
EPSS0.01608
93