CVE-2022-44006

Published: Nov 16, 2022

Modified: Apr 30, 2025

PUBLISHED

Description

An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-031.txt

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-44006

Description

Affected Products

References