Home > Vulnerability Database > CVE-2022-24553

Mend.io Vulnerability Database

CVE-2022-24553

Good to know:

Date: February 21, 2022

An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution.

Language: PHP

Severity Score

9.8

Related Resources (4)

Url: https://www.cnblogs.com/J0o1ey/p/15858138.html

Url: https://github.com/zfaka-plus/zfaka/issues/260

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24553

Url: https://www.mend.io/vulnerability-database/CVE-2022-24553

Severity Score

9.8

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

Upgrade Version

Upgrade to version imiphp/imi - dev-fix-init-throw;imiphp/imi - dev-update-yurunhttp-5;imiphp/imi - dev-fix-php8.1;imiphp/imi - dev-amqp;imiphp/imi - v2.0.0;imiphp/imi - dev-windows-test;imiphp/imi - dev-getConnectionCount;imiphp/imi - no_fix;imiphp/imi - dev-fix-monolog-2.7;imiphp/imi - dev-container-newInstance;imiphp/imi - v2.1.19;imiphp/imi - dev-fix-20220413;imiphp/imi - dev-support-ipv6;imiphp/imi - dev-uri-ssl;imiphp/imi - v2.1.60;imiphp/imi - dev-amqp-3.0;imiphp/imi - v1.3.12;imiphp/imi - dev-pgsql-4.8;imiphp/imi - v2.0.3;imiphp/imi - 2.1.x-dev;imiphp/imi - dev-opt-20220222;imiphp/imi - dev-rate-limit-20231010;imiphp/imi - dev-disable-middleware;imiphp/imi - dev-fix-doc-var-type;imiphp/imi - dev-test-split;imiphp/imi - 2.0.x-dev;imiphp/imi - v2.0.41;imiphp/imi - dev-fix-501;imiphp/imi - dev-auto-tag;imiphp/imi - dev-fix-20231107;imiphp/imi - dev-opt-queue-redis-pool;imiphp/imi - dev-fix-113;imiphp/imi - dev-fix-355;imiphp/imi - dev-RequestContextCache;imiphp/imi - v1.3.8;imiphp/imi - dev-model-alias-property;imiphp/imi - dev-fix-amqp-consumer;imiphp/imi - dev-defer;imiphp/imi - v2.1.4;imiphp/imi - v2.0.26;imiphp/imi - dev-partition;imiphp/imi - dev-deprecated-hprose;imiphp/imi - dev-fix-583;imiphp/imi - dev-pure-intersection-types;imiphp/imi - dev-opt-init;imiphp/imi - v2.0.8;imiphp/imi - dev-rr-test;imiphp/imi - dev-fix-scan;imiphp/imi - v2.0.11;imiphp/imi - dev-fix-annotation-3.0;imiphp/imi - v2.0.36;imiphp/imi - v2.1.14;imiphp/imi - dev-requestContext-3.0;imiphp/imi - dev-fix-checkCodeIsOffline;imiphp/imi - v2.1.22;imiphp/imi - dev-opt-async;imiphp/imi - v2.0.31;imiphp/imi - dev-fix-singleton;imiphp/imi - v2.1.7;imiphp/imi - dev-opt-code;imiphp/imi - dev-fix-command;imiphp/imi - dev-fix-pgsql-20230831;imiphp/imi - v2.0.22;linphp/linrapid - 1.0;linphp/linrapid - no_fix;linphp/linrapid - 2.6;yurunsoft/imi - dev-fix-355;yurunsoft/imi - dev-container-newInstance;yurunsoft/imi - dev-swoole-5.0-2.0;yurunsoft/imi - dev-fix-583;yurunsoft/imi - dev-process-communication;yurunsoft/imi - dev-fix-113;yurunsoft/imi - v2.0.26;yurunsoft/imi - v2.0.42;yurunsoft/imi - dev-fix-amqp-consumer;yurunsoft/imi - dev-fix-pgsql-20230831;yurunsoft/imi - v2.0.8;yurunsoft/imi - dev-chunk;yurunsoft/imi - dev-fix-redisModel;yurunsoft/imi - dev-fix-init-throw;yurunsoft/imi - dev-validate;yurunsoft/imi - dev-opt-20220222;yurunsoft/imi - dev-fix-command;yurunsoft/imi - dev-support-ipv6;yurunsoft/imi - v2.1.3;yurunsoft/imi - 1.3.0.x-dev;yurunsoft/imi - dev-fix-monolog-2.7;yurunsoft/imi - dev-optimize-runtime;yurunsoft/imi - dev-fix-checkCodeIsOffline;yurunsoft/imi - dev-fix-reflection-static;yurunsoft/imi - dev-requestContext-3.0;yurunsoft/imi - dev-grpc-up;yurunsoft/imi - dev-format-20221118;yurunsoft/imi - dev-opt-async;yurunsoft/imi - dev-opt-grpc;yurunsoft/imi - dev-deprecated-3.0;yurunsoft/imi - dev-add-pdo-lob;yurunsoft/imi - dev-fix-event-in-on-off;yurunsoft/imi - dev-auto-tag;yurunsoft/imi - dev-update-yurunhttp-5;yurunsoft/imi - v2.1.15;yurunsoft/imi - v2.0.19;yurunsoft/imi - dev-windows-test;yurunsoft/imi - v2.1.61;yurunsoft/imi - dev-model-3.0;yurunsoft/imi - v2.0.0;yurunsoft/imi - dev-fix-process-pool;yurunsoft/imi - dev-route;yurunsoft/imi - v1.3.7;yurunsoft/imi - v2.0.32;yurunsoft/imi - no_fix;yurunsoft/imi - dev-redisModel-safeDelete;yurunsoft/imi - 2.1.x-dev;yurunsoft/imi - dev-pgsql-4.8;yurunsoft/imi - dev-deprecated-hprose;yurunsoft/imi - dev-rate-limit-20231010;yurunsoft/imi - dev-fix-20220413;yurunsoft/imi - dev-request;yurunsoft/imi - v2.1.20;yurunsoft/imi - dev-componets-info;yurunsoft/imi - dev-fix-pgsql-replace;yurunsoft/imi - v1.3.16;yurunsoft/imi - v1.3.10;yurunsoft/imi - dev-fix-workerman-daemon-log;yurunsoft/imi - dev-fix-macos-2.1;yurunsoft/imi - dev-getConnectionCount;yurunsoft/imi - dev-3.0-version;yurunsoft/imi - dev-opt-queue-redis-pool;yurunsoft/imi - dev-test-split;yurunsoft/imi - dev-fix-pgsql-model;yurunsoft/imi - v2.0.34;yurunsoft/imi - dev-async;yurunsoft/imi - v2.0.14;mpf/mpf-skeleton - no_fix;ceroot/acms - no_fix;yurunsoft/mddoc - v1.2.0;yurunsoft/mddoc - no_fix;azhai/hack-igniter - no_fix;azhai/hack-igniter - v0.8;charleschan888/vedio-project - no_fix;shuxian/tp6-apidoc - no_fix;LayUI - 2.2.4;LayUI - 2.4.0;zxf/xfadmin - 1.0.0;zoujingli/thinkadmin - v4.0.0;xdd/x-template - no_fix;zsd/yii2-gii-h - 1.0.0;okcoders/think5-apidoc-new - no_fix;jonas-huang/layui-admin - no_fix;zhangsong9008/thinkadmin - v4.x-dev;wangliang/laravel-admin - no_fix;wula/jqadmin - v1.3.6;fdd/think-apidoc - no_fix;samadmin/samadmin - no_fix;longcz/autoapi - no_fix;zerolone/zdoc - no_fix;jackchow/rbacshow - v1.0;yirius/icesadmin - 1.3.0;huangdingbo/dsj_yii2_template - no_fix;guozhaoxuan/php-apidoc - v1.0.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24553

Good to know:

Date: February 21, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?