cve/CVE-2022-25237.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

1.3 KiB

Raw Permalink Blame History

CVE-2022-25237

Description

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions.

POC

Reference

https://rhinosecuritylabs.com/application-security/cve-2022-25237-bonitasoft-authorization-bypass/

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/H4cksploit/CVEs-master
https://github.com/Mayukh-Ghara/Meerkat-Analysis-Report
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/RhinoSecurityLabs/CVEs
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/merlinepedra/RHINOECURITY-CVEs
https://github.com/merlinepedra25/RHINOSECURITY-CVEs
https://github.com/xuetusummer/Penetration_Testing_POC

1.3 KiB Raw Permalink Blame History

CVE-2022-25237

Description

POC

Reference

Github

1.3 KiB

Raw Permalink Blame History