GHSA-8wq7-hhjj-fpqv

Опубликовано: 22 янв. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

RCE in Mingsoft MCMS

A remote code execution (RCE) vulnerability in the Template Management function of MCMS allows attackers to execute arbitrary code via a crafted payload.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-22930
https://github.com/ming-soft/MCMS/issues/98
https://web.archive.org/web/20220201022121/https://gitee.com/mingSoft/MCMS/issues/I4Q4M6

Пакеты

Наименование

net.mingsoft:ms-mcms

maven

Затронутые версииВерсия исправления

< 5.2.9

5.2.9

EPSS

Процентиль: 93%

0.10718

Средний

9.8 Critical

CVSS3

CVE ID

CVE-2022-22930

Дефекты

CWE-1336

Связанные уязвимости

CVE-2022-22930

CVSS3: 9.8

nvd

около 4 лет назад

A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.

EPSS

Процентиль: 93%

0.10718

Средний

9.8 Critical

CVSS3

CVE ID

CVE-2022-22930

Дефекты

CWE-1336