{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2022-50973", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-11T13:34:26.334Z", "datePublished": "2026-07-02T17:04:20.487Z", "dateUpdated": "2026-07-02T19:44:37.756Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-07-02T17:04:37.893Z" }, "title": "Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet", "descriptions": [ { "lang": "en", "value": "Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any authentication, file type, extension, or content validation. Attackers can upload a JSP webshell by specifying a malicious filename and root filepath, with the uploaded file stored under the pictures directory and directly executed by the web server, resulting in unauthenticated remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2023-11-07 (UTC)." } ], "tags": [ "x_known-exploited-vulnerability" ], "datePublic": "2022-10-05T00:00:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-434", "description": "Unrestricted Upload of File with Dangerous Type", "type": "CWE" } ] } ], "affected": [ { "defaultStatus": "affected", "vendor": "Yonyou Network Technology Co., Ltd.", "product": "KSOA", "versions": [ { "status": "affected", "version": "9.0", "versionType": "custom" } ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" } }, { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } } ], "references": [ { "url": "https://cn-sec.com/archives/1329088.html", "name": "Researcher Disclosure (1)", "tags": [ "technical-description", "exploit" ] }, { "url": "https://buaq.net/go-167023.html", "name": "Researcher Disclosure (2)", "tags": [ "exploit", "technical-description" ] }, { "url": "https://www.cnblogs.com/yang-miemie/p/17714927.html", "name": "Researcher Disclosure (3)", "tags": [ "technical-description", "exploit" ] }, { "url": "https://www.yonyou.com/", "name": "Vendor Homepage", "tags": [ "product" ] }, { "url": "https://www.vulncheck.com/advisories/yonyou-ksoa-unauthenticated-file-upload-rce-via-imageupload-servlet", "tags": [ "third-party-advisory" ] } ], "credits": [ { "lang": "en", "value": "The Shadowserver Foundation", "type": "reporter" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-07-02T19:33:50.891682Z", "id": "CVE-2022-50973", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-07-02T19:44:37.756Z" } } ] } }