CVE-2022-45184 Information

Description

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory which allows a remote attacker with administrator privilege to create delete update and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7.

Reference

https://docs.powershelluniversal.com/changelog https://blog.ironmansoftware.com/psu-2022-11-cve/ https://ironmansoftware.com