Skip to main content

Publify CVE-2022-1811

MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2022-05-23 security@huntr.dev
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 23, 2022 - 16:16 nvd
MEDIUM 5.4

DescriptionNVD

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

AnalysisAI

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. Affected products include: Publify Project Publify. Version information: prior to 9.2.9..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2023-0299 CRITICAL POC
9.8 Jan 14

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. Rated critical severity (CVSS 9.8), this

CVE-2022-0578 MEDIUM POC
6.5 May 16

Code Injection in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vulnerability

CVE-2022-0574 MEDIUM POC
6.5 May 16

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vuln

CVE-2022-1553 MEDIUM POC
4.9 May 16

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to

CVE-2022-1810 MEDIUM POC
4.3 May 23

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. Rated medium sever

CVE-2023-0569 MEDIUM
6.5 Jan 29

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. Rated medium severity (CVSS 6.5), this

CVE-2021-25973 MEDIUM
6.5 Nov 02

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. Rated medium severity (CVSS 6.5), this vulner

CVE-2024-39311 LOW POC
1.8 Mar 28

Publify is a self hosted Web publishing platform on Rails. Rated low severity (CVSS 1.8), this vulnerability is remotely

CVE-2021-25975 MEDIUM
5.4 Nov 10

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. Rated mediu

CVE-2021-25974 MEDIUM
5.4 Nov 10

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability i

Share

CVE-2022-1811 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy