exploitDog

CVE-2022-37140

Опубликовано: 14 сент. 2022

Источник: nvd

CVSS3: 8

EPSS Низкий

Описание

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.

Ссылки

https://github.com/saitamang/POC-DUMP/tree/main/PayMoney
Exploit
Third Party Advisory
https://paymoney.techvill.org
Vendor Advisory
https://github.com/saitamang/POC-DUMP/tree/main/PayMoney
Exploit
Third Party Advisory
https://paymoney.techvill.org
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:techvill:paymoney:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01632

Низкий

8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-v78j-fp7j-4hfj

CVSS3: 8

github

больше 3 лет назад

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.

EPSS

Процентиль: 82%

0.01632

Низкий

8 High

CVSS3

Дефекты

CWE-434