CVE-2022-42496

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.
References
Link Resource
https://jvn.jp/en/jp/JVN56968681/index.html Third Party Advisory
https://github.com/kujirahand/nadesiko3/issues/1325 Issue Tracking Patch Third Party Advisory
https://github.com/kujirahand/nadesiko3/issues/1347 Issue Tracking Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:kujirahand:nadesiko3:*:*:*:*:*:*:*:*

Information

Published : 2022-12-04 20:15

Updated : 2023-02-03 11:47


NVD link : CVE-2022-42496

Mitre link : CVE-2022-42496


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

kujirahand

  • nadesiko3