CVE-2022-45894

CVSS V2 None CVSS V3 None

Description

GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files.

Overview

CVE ID
CVE-2022-45894

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2022-12-25T05:15:11

Last Modified Date
2023-01-04T18:44:44

Weakness Enumerations

CWE	URL
CWE-22	http://cwe.mitre.org/data/definitions/22.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:planetestream:planet_estream::::::::	1	OR		6.72.10.07

References

Reference URL	Reference Tags
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-45894
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45894

History

Created	Old Value	New Value	Data Type	Notes
2022-12-25 05:15:57				Added to TrackCVE
2022-12-27 14:15:40		2022-12-27T13:48:11	CVE Modified Date	updated
2022-12-27 14:15:40	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-29 18:17:15	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-04 19:14:45		2023-01-04T18:44:44	CVE Modified Date	updated
2023-01-04 19:14:45	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-04 19:14:46			Weakness Enumeration	new
2023-01-04 19:14:48			CPE Information	updated