An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.
References
Link | Resource |
---|---|
https://github.com/strapi/strapi | Third Party Advisory |
https://www.youtube.com/watch?v=LEeabouqRrg | Exploit Third Party Advisory |
Configurations
History
19 Apr 2022, 19:28
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
CPE | cpe:2.3:a:strapi:strapi:4.1.5:*:*:*:*:*:*:* | |
First Time |
Strapi strapi
Strapi |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://github.com/strapi/strapi - Third Party Advisory | |
References | (MISC) https://www.youtube.com/watch?v=LEeabouqRrg - Exploit, Third Party Advisory |
12 Apr 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-12 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-27263
Mitre link : CVE-2022-27263
CVE.ORG link : CVE-2022-27263
JSON object : View
Products Affected
strapi
- strapi
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type