This arbitrary code can be executed in a logged-in administrator user via a specially-crafted PHP file. This arbitrary code can be used to steal data, redirect to another site, or perform any other action an attacker chooses. This arbitrary code can be executed in a logged-in administrator user via a specially-crafted PHP file. This arbitrary code can be used to steal data, redirect to another site, or perform any other action an attacker chooses. Remote Code Execution through php.ini Setting An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file. An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file. This arbitrary code can be used to steal data, redirect to another site, or perform any other action an attacker chooses. This arbitrary code can be used to steal data, redirect to another site, or perform any other action an attacker chooses. Remote Code Execution through php.ini Setting An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file. An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file

Summary

An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file. This arbitrary code can be used to steal data, redirect to another site, or perform any other action an attacker chooses. Remote Code Execution through php.ini Setting An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file. This arbitrary code can be used to steal data, redirect to another site, or perform any other action an attacker chooses. Remote Code Execution through php.ini Setting An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file
CVE-2022-41379
This is a type confusion vulnerability that occurs when two different types are either mixed or assigned incorrectly; this results in different behavior than expected and may allow for unauthorized access of the accounts or files of vulnerable systems and users
A type confusion vulnerability that occurs when two different types are either mixed or assigned incorrectly; this may result in unauthorized access of the accounts or files of vulnerable systems and users

Description

This arbitrary code can be executed in a logged-in administrator user via a specially-crafted PHP file. This arbitrary code can be used to steal data, redirect to another site, or perform any other action an attacker chooses. This arbitrary code can be executed in a logged-in administrator user via a specially-crafted PHP file. This arbitrary code can be used to steal data, redirect to another site, or perform any other action an attacker chooses. Remote Code Execution through php.ini Setting An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file. An arbitrary code execution vulnerability in the component /leave_system/classes/Users.php?f=save allows attackers to execute arbitrary code via a specially-crafted PHP file

Timeline

Published on: 10/07/2022 19:15:00 UTC
Last modified on: 10/11/2022 13:04:00 UTC

References