Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:34 p.m.11 views

CVE-2022-39367

QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...

8.6CVSS6.9AI score0.00951EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/28 12:0 a.m.7 views

CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files

QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...

8.6CVSS7.2AI score0.00951EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/10/28 12:0 a.m.16 views

CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files

QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...

8.6CVSS8.7AI score0.00951EPSS
Exploits1References3
CVE
CVE
added 2022/10/28 12:0 a.m.67 views

CVE-2022-39367

Summary of CVE-2022-39367 (QTIWorks) : Prior to version 1.0-beta15, QTIWorks Engine allows uploading QTI content ZIP packages. The ZIP handling code does not properly validate file paths inside ZIPs, enabling insertion of files into arbitrary locations writable by the Engine process and potential...

8.6CVSS7.1AI score0.00951EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder