{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T19:32:10.411","vulnerabilities":[{"cve":{"id":"CVE-2022-41711","sourceIdentifier":"help@fluidattacks.com","published":"2022-10-25T21:15:49.150","lastModified":"2025-05-07T20:15:22.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."},{"lang":"es","value":"Badaso versión 2.6.0, permite a un atacante remoto no autenticado ejecutar código arbitrario de forma remota en el servidor. Esto es posible porque la aplicación no comprueba apropiadamente los datos descargados por los usuarios"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uatech:badaso:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F747296-3BE2-4660-95EB-C68E72A79EAF"}]}]}],"references":[{"url":"https://fluidattacks.com/advisories/harlow/","source":"help@fluidattacks.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/uasoft-indonesia/badaso/issues/802","source":"help@fluidattacks.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://fluidattacks.com/advisories/harlow/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/uasoft-indonesia/badaso/issues/802","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}}]}