Last active June 30, 2022 04:11
CVE-2022-29774
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 9.8 (Critical)
Vulnerable product version: iSpy Connect 7.2.2.0
Vulnerability type: Directory traversal (CWE-35) and Command Execution (CWE-78)
Vulnerability Description: iSpyConnect iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. Therefore, a malicious actor could run an executable of her choice on the vulnerable server.

CVE-2022-29775
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 9.8 (Critical)
Vulnerable product version: iSpy Connect 7.2.2.0
Vulnerability type: Improper authentication (CWE-287)
Vulnerability Description: iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.