CVE-2022-29932

HIGH

PRIMEUR SPAZIO 2.5.1.954 - Unauthenticated Sensitive Data Exposure via HTTP Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-29932. PoCs published by Off3nS3c.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2022-29932, an information disclosure vulnerability in Primeur Spazio MFT. It explains how crafted HTTP requests can trigger a memory leak, exposing sensitive file content.

Description

The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.

Exploits (1)

nomisec WRITEUP 1 stars

by Off3nS3c · poc

https://github.com/Off3nS3c/CVE-2022-29932

View Code ZIP pw:eip

The repository provides a detailed technical analysis of CVE-2022-29932, an information disclosure vulnerability in Primeur Spazio MFT. It explains how crafted HTTP requests can trigger a memory leak, exposing sensitive file content.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Primeur Spazio 2.5.1.954

No auth needed

Prerequisites: Access to the target server · Knowledge of directory structure

MITRE ATT&CK

T1083 - File and Directory Discovery T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://www.primeur.com/managed-file-transfer

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Off3nS3c/CVE-2022-29932/blob/main/Proof-of-Concept.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0254

EPSS Percentile 83.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-401

Status published

Products (1)

primeur/spazio 2.5.1.954

Published May 11, 2022

Tracked Since Feb 18, 2026