Miggo Logo

CVE-2022-41705: Badaso vulnerable to Remote Code Execution (RCE)

9.8

CVSS Score
3.1

Basic Information

EPSS Score
0.82784%
Published
11/25/2022
Updated
1/28/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
badaso/corecomposer< 2.7.02.7.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper file validation (CWE-434) leading to code execution (CWE-94). The exploit requires uploading a PHP file with an XML header to bypass security checks. The MediaController's file upload handler is the logical component that would process() uploads. Since the advisory explicitly mentions unauthenticated RCE via file upload and the patch was released in 2.7.0, this function likely lacked proper content-type validation and dangerous file type restrictions in vulnerable versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

****so v*rsion *.*.* *llows *n un*ut**nti**t** r*mot* *tt**k*r to *x**ut* *r*itr*ry *o** r*mot*ly on t** s*rv*r. T*is is possi*l* ****us* t** *ppli**tion *o*s not prop*rly v*li**t* t** **t* uplo**** *y us*rs.

Reasoning

T** vuln*r**ility st*ms *rom improp*r *il* v*li**tion (*W*-***) l***in* to *o** *x**ution (*W*-**). T** *xploit r*quir*s uplo**in* * `P*P` *il* wit* *n XML *****r to *yp*ss s**urity ****ks. T** `M**i**ontroll*r`'s *il* uplo** **n*l*r is t** lo*i**l *