Exploit | Vdesk Hangupphp3

| CVE ID | Description | Severity (CVSS) | Impacted Versions |
| :--- | :--- | :--- | :--- |
| | Unrestricted File Upload leading to Remote Code Execution (RCE) via the vShare section. | High (8.8) | <= v018 |
| CVE-2022-45172 | Broken Access Control allowing privilege escalation to administrator. | Critical (9.8) | < v018 |
| CVE-2022-45168 | 2FA Bypass via backup code generation before TOTP verification. | Medium (6.5) | <= v018 |
| CVE-2022-45176 | Stored Cross-Site Scripting (XSS) via the vShare uri parameter. | Medium (5.4) | <= v018 |
| CVE-2022-45177 | Information Disclosure (Observable Response Discrepancy) revealing internal states. | High (7.5) | <= v031 |

Conceptually, the vulnerable backend code mirrored this pattern:

I can provide to block this attack entirely.