Lucene search
SnykCVELIST:CVE-2022-25299HistoryFeb 18, 2022 - 12:55 p.m.
CVE-2022-25299 Arbitrary File Write
2022-02-1812:55:21
snyk
www.cve.org
7
arbitrary file write
cesanta/mongoose
mg_http_upload()
unsafe handling of file names
attackers
arbitrary locations
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.003
Percentile
69.2%
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
CNA Affected
[
{
"product": "cesanta/mongoose",
"vendor": "n/a",
"versions": [
{
"lessThan": "7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2022-25299
2022-02-18 13:15:08
ubuntucve
ubuntucve
CVE-2022-25299
2022-02-18 00:00:00
debiancve
debiancve
CVE-2022-25299
2022-02-18 13:15:08
prion
prion
Design/Logic Flaw
2022-02-18 13:15:00
cve
cve
CVE-2022-25299
2022-02-18 13:15:08
nvd
nvd
CVE-2022-25299
2022-02-18 13:15:08
openvas
openvas
Mongoose Web Server < 7.6 File Upload Vulnerability
2022-02-23 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.003
Percentile
69.2%
Related for CVELIST:CVE-2022-25299