CVE-2022-23766 HIGH

CVE-2022-23766: BigFileAgent arbitrary file execution vulnerability

Vendor Bluetree Co., Ltd
Product BigFileAgent
Weakness CWE-20 · Input validation
Published September 19, 2022
Last update May 29, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.

Key dates

02Disclosure timeline

September 19, 2022 CVE published
May 29, 2025 Record updated