CVE-2022-45891
Severity: CRITICAL (CVSS 9.1)
WAF coverage: Low
Published: 2022-12-25
CWE-863
Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList).
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| planetestream | planet_estream | up to 6.72.10.07 |
References
- sec-consult.com (Exploit, Third Party Advisory)