An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename.
CPE | Name | Operator | Version |
---|---|---|---|
formidable | lt | 3.2.4 |
github.com/node-formidable/formidable/issues/856
github.com/node-formidable/formidable/pull/857
gitlab.com/keymandll/blog/-/blob/master/posts/03062022-Invulnerability_Analysis-CVE-2022%E2%80%9329622/index.md
nvd.nist.gov/vuln/detail/CVE-2022-29622
portswigger.net/daily-swig/researcher-defends-formidable-in-fight-against-critical-cve-vulnerability-assignment
www.youtube.com/watch?v=C6QPKooxhAo