CVE-2022-39833
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/11/2022
Last modified:
25/04/2025
Description
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:filecloud:filecloud:*:*:*:*:*:*:*:* | 20.2 (including) | 21.3.7.18607 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gist.github.com/DylanGrl/4b4e0d53bb7626b2ab3f834ec5a2b23c
- https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution
- https://gist.github.com/DylanGrl/4b4e0d53bb7626b2ab3f834ec5a2b23c
- https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution