
CVE-2022-0242: Unrestricted Upload of File with Dangerous Type in Crater

CVSS Score (v3.0): 7.2

Basic Information

EPSS Score: 0.64731%
Published: 1/21/2022
Updated: 2/3/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Package Name: bytefury/crater
Ecosystem: composer
Vulnerable Versions: < 6.0
First Patched Version: 6.0

Vulnerability Intelligence
Root Cause Analysis

The commit diff and the vulnerability reports indicate that the issue is an unrestricted file upload. The changes made to the company logo and avatar upload functionality suggest that these two functions are the vulnerable ones.


WAF Protection Rules

WAF Rule

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.