CVE-2022-29622

Published: 16/05/2022 Updated: 26/04/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An arbitrary file upload vulnerability in formidable v3.1.4 allows malicious users to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled. Strapi does not consider this to be a valid vulnerability.

Vulnerable Products

formidable project formidable 3.1.4

Vendor Advisories

Debian Bug report logs - #1011341 node-formidable: CVE-2022-29622 - attackers able to execute arbitrary code via file upload. Package: src:node-formidable; Maintainer for src:node-formidable is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Neil Williams <codehelp@debian.org> ...

Github Repositories

Hack this service to prove CVE-2022–29622 is valid

CVE-2022–29622: (In)vulnerability Analysis. THIS PROJECT HAS BEEN MOVED to GitLab here: gitlab.com/Keymandll/cve-2022-29622. This codebase was created to help security professionals and developers understand why Formidable was not vulnerable to CVE-2022-29622.