CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.3%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-c02e46fa72ab
https://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-c02e46fa72ab

Products affected by CVE-2022-32061

Snipeitapp » Snipe-It » Version: 6.0.2

cpe:2.3:a:snipeitapp:snipe-it:6.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-32061

Products

Pricing

Contact Us