CVE-2022-22929
published 2022-01-21CVE-2022-22929: MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a…
PriorityP356critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.58%
83.2th percentile
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Arbitrary File Upload in Mingsoft MCMS
osv·2022-01-22
CVE-2022-22929 [CRITICAL] Arbitrary File Upload in Mingsoft MCMS
Arbitrary File Upload in Mingsoft MCMS
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
GHSA
Arbitrary File Upload in Mingsoft MCMS
ghsa·2022-01-22
CVE-2022-22929 [CRITICAL] CWE-434 Arbitrary File Upload in Mingsoft MCMS
Arbitrary File Upload in Mingsoft MCMS
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-01-21
Published