CVE-2022-46493
CRITICAL WAF: Medium
CVSS 9.8
Published: 2022-12-22
CWE-434 CWE-434
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| nbnbk_project | nbnbk | - |
References
- github.com (Exploit, Issue Tracking, Third Party Advisory)