□ Overview
o eyoom Co.,Ltd released security update to address remote code execution vulnerability in eyoom builder.
□ Description
o Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program.
o A remote attacker could exploit the vulnerability to execute or inject malicious code.
□ Affected Product
□ Solution
o Update software over eyoom builder 4.5.4 version or higher.
□ Reference
[1] https://eyoom.net/
□ Acknowledgements
o Thanks to Jinseong Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀
o eyoom Co.,Ltd released security update to address remote code execution vulnerability in eyoom builder.
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Local File Inclusion, Path Traversal |
remote code execution | High | 7.2 | CVE-2022-41158 |
□ Description
o Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program.
o A remote attacker could exploit the vulnerability to execute or inject malicious code.
□ Affected Product
| Product | Version | Platform |
|---|---|---|
| eyoom builder | prior of 4.5.3 | Linux |
□ Solution
o Update software over eyoom builder 4.5.4 version or higher.
□ Reference
[1] https://eyoom.net/
□ Acknowledgements
o Thanks to Jinseong Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀