CVE-2022-41705: Badaso vulnerable to Remote Code Execution (RCE)

November 25, 2022 (updated April 29, 2025)

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

References

fluidattacks.com/advisories/headhunterz
github.com/advisories/GHSA-g389-rf5p-fg56
github.com/uasoft-indonesia/badaso
github.com/uasoft-indonesia/badaso/issues/818
nvd.nist.gov/vuln/detail/CVE-2022-41705

Code Behaviors & Features

Detect and mitigate CVE-2022-41705 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →