
CVE-2022-50973

Severity: Critical (CVSS 9.8)

Exploitation Probability (EPSS)

Elevated risk
0.86%

54th percentile — higher than 54% of all known CVEs

Summary

An unauthenticated arbitrary file upload vulnerability in Yonyou KSOA 9.0 allows remote code execution via a crafted POST request to the ImageUpload servlet. Attackers can upload a JSP webshell without any authentication or validation.

Risk Assessment

The organization faces complete server compromise by an unauthenticated attacker, potentially leading to data theft, malware installation, or further network intrusions.

Recommendation

Immediately update Yonyou KSOA to the latest version or apply available security patches. If updating is not possible, restrict access to the ImageUpload servlet from untrusted networks.

Original NVD description (English source)

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any authentication, file type, extension, or content validation. Attackers can upload a JSP webshell by specifying a malicious filename and root filepath, with the uploaded file stored under the pictures directory and directly executed by the web server, resulting in unauthenticated remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2023-11-07 (UTC).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS