cbcvebase.
CVE-2022-27438
published 2022-06-06

CVE-2022-27438: Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code…

PriorityP351high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
2.38%
81.8th percentile
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Affected

69 ranges· showing 25
VendorProductVersion rangeFixed in
3cxcall_flow_designer
3cxcrm_template_generator
boomboomtv_streamer_portal
caphyonadvanced_installer< 19.419.4
codesectordirect_folders
codesectorteracopy
emeditoremeditor
flamoryflamory
freesnippingtoolfree_snipping_tool
fxsoundfxsound
gainedgebetter_explorer
gamecastergamecaster
getmailbirdmailbird
guzogoguzogo
honeygainhoneygain
jkivi_package_manager
jpsofttake_command
krylackarchive_password_recovery
krylackasterisks_password_decryptor
krylackburning_suite
krylackrar_password_recovery
krylackvolume_serial_number_editor
krylackzip_password_recovery
moonsoftwarepassword_agent
nefariusscptoolkit

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.