CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-32060

An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.05

EPSS Ranking 89.3%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://github.com/bypazs/CVE-2022-32060
https://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-b15becc1a5ea
https://github.com/bypazs/CVE-2022-32060
https://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-b15becc1a5ea

Products affected by CVE-2022-32060

Snipeitapp » Snipe-It » Version: 6.0.2

cpe:2.3:a:snipeitapp:snipe-it:6.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-32060

Products

Pricing

Contact Us