Vulnerability Details CVE-2022-43748
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 5.8
References
Products affected by CVE-2022-43748
-
cpe:2.3:a:synology:presto_file_server:1.1.0-0101
-
cpe:2.3:a:synology:presto_file_server:1.1.1-0105
-
cpe:2.3:a:synology:presto_file_server:1.1.2-0109
-
cpe:2.3:a:synology:presto_file_server:1.2.0-0163
-
cpe:2.3:a:synology:presto_file_server:1.2.1-0165
-
cpe:2.3:a:synology:presto_file_server:1.3.0-0229
-
cpe:2.3:a:synology:presto_file_server:1.3.1-0235
-
cpe:2.3:a:synology:presto_file_server:2.0.0-0332
-
cpe:2.3:a:synology:presto_file_server:2.0.1-0335
-
cpe:2.3:a:synology:presto_file_server:2.1.0-0427
-
cpe:2.3:a:synology:presto_file_server:2.1.1-0583
-
cpe:2.3:a:synology:presto_file_server:2.1.1-1593
-
cpe:2.3:a:synology:presto_file_server:2.1.2-0601
-
cpe:2.3:a:synology:presto_file_server:2.1.2-1600