{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T02:33:32.288","vulnerabilities":[{"cve":{"id":"CVE-2022-41705","sourceIdentifier":"help@fluidattacks.com","published":"2022-11-25T18:15:10.980","lastModified":"2025-04-29T15:15:48.873","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."},{"lang":"es","value":"La versión 2.6.3 de Badaso permite que un atacante remoto no autenticado ejecute código arbitrario de forma remota en el servidor. Esto es posible porque la aplicación no valida adecuadamente los datos cargados por los usuarios."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uatech:badaso:2.6.3:*:*:*:*:*:*:*","matchCriteriaId":"40BA014C-FC30-4A89-AF50-C47869048E82"}]}]}],"references":[{"url":"https://fluidattacks.com/advisories/headhunterz/","source":"help@fluidattacks.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/uasoft-indonesia/badaso/","source":"help@fluidattacks.com","tags":["Product"]},{"url":"https://fluidattacks.com/advisories/headhunterz/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/uasoft-indonesia/badaso/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}