Arbitrary File Deletion Vulnerability in ScriptCase by NetMake
CVE-2022-32199

6.5MEDIUM

Key Information:

Vendor: Scriptcase
Status: Scriptcase
Vendor: CVE Published:; 27 March 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-32199?

The db_convert.php file in ScriptCase versions up to 9.9.008 is susceptible to an Arbitrary File Deletion vulnerability. This flaw allows an authenticated administrator to exploit a directory traversal sequence within the file parameter, potentially leading to unauthorized deletion of files within the server. It is essential for administrators to apply necessary patches and ensure secure access controls are in place to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-32199
Created by Toxich4

References

https://www.scriptcase.net/download/

https://github.com/Toxich4/CVE-2022-32199

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2023
🟡
Public PoC available
Mar 25, 2023
👾
Exploit known to exist
Mar 25, 2023
Vulnerability Reserved
Jun 1, 2022

JSON

Scriptcase

Badges

What is CVE-2022-32199?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.