Question 1

What is CVE-2022-45338 — CVE-2022-45338?

Accepted Answer

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.

Question 2

What is the authoritative source for CVE-2022-45338?

Accepted Answer

CVE-2022-45338 (CVE-2022-45338) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	7.8 ()
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS	0.22% probability of exploitation · percentile 12.7% · 2026-06-19T12:03:05Z
Last modified	2026-06-17

CVE-2022-45338CVE-2022-45338

Description

Scoring