CVE-2022-45338

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:exactsoftware:exact_synergy:500:sp1:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:500:-:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:500:sp2:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:500:sp3:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:500:sp4:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:500:sp5:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp1:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp2:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp3:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp4:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp5:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp6:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp7:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp8:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp9:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp10:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp11:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:sp12:*:*:enterprise:*:*:*
cpe:2.3:a:exactsoftware:exact_synergy:267:-:*:*:enterprise:*:*:*

Information

Published : 2022-12-15 15:15

Updated : 2022-12-21 06:20


NVD link : CVE-2022-45338

Mitre link : CVE-2022-45338


JSON object : View

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type

Advertisement

dedicated server usa

Products Affected

exactsoftware

  • exact_synergy