CVE-2022-23766

An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:bigfile:bigfileagent:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66925 - Third Party Advisory () https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66925 - Third Party Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.8

27 Jun 2023, 02:43

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-19 20:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-23766

Mitre link : CVE-2022-23766

CVE.ORG link : CVE-2022-23766


JSON object : View

Products Affected

bigfile

  • bigfileagent

microsoft

  • windows
CWE
CWE-20

Improper Input Validation