CVE Vulnerability
CVE-2022-24254
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
References
| Link | Resource |
|---|---|
| http://extensis.com | Product |
| http://portfolio.com | Not Applicable |
| https://snyk.io/research/zip-slip-vulnerability | Technical Description Third Party Advisory |
| https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ | Exploit Third Party Advisory |
Configurations
Configuration 1
|
Information
Published : 2022-03-01 11:15
Updated : 2022-03-09 04:20
NVD link : CVE-2022-24254
Mitre link : CVE-2022-24254
Products Affected
No products.
CWE