CVE-2022-0472

Published: Feb 4, 2022Modified: Jun 17, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9.

Affected (1)

Products: Laracom Project: Laracom

Laracom Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Laracom Project Laracom	Before 2.0.9

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://github.com/jsdecena/laracom/commit/256026193ce994dc4c1365e02f414d8a0cd77ae8

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/cb5b8563-15cf-408c-9f79-4871ea0a8713

Source: security@huntr.dev

ExploitThird Party Advisory

https://github.com/jsdecena/laracom/commit/256026193ce994dc4c1365e02f414d8a0cd77ae8

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/cb5b8563-15cf-408c-9f79-4871ea0a8713

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.