CVE-2022-27438
Published 2022-06-06
Priority: P3 · 51 · high · 8.1 · CVSS 3.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.38% (81.8th percentile)
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.
Affected
69 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3cx | call_flow_designer | — | — |
| 3cx | crm_template_generator | — | — |
| boom | boomtv_streamer_portal | — | — |
| caphyon | advanced_installer | < 19.4 | 19.4 |
| codesector | direct_folders | — | — |
| codesector | teracopy | — | — |
| emeditor | emeditor | — | — |
| flamory | flamory | — | — |
| freesnippingtool | free_snipping_tool | — | — |
| fxsound | fxsound | — | — |
| gainedge | better_explorer | — | — |
| gamecaster | gamecaster | — | — |
| getmailbird | mailbird | — | — |
| guzogo | guzogo | — | — |
| honeygain | honeygain | — | — |
| jki | vi_package_manager | — | — |
| jpsoft | take_command | — | — |
| krylack | archive_password_recovery | — | — |
| krylack | asterisks_password_decryptor | — | — |
| krylack | burning_suite | — | — |
| krylack | rar_password_recovery | — | — |
| krylack | volume_serial_number_editor | — | — |
| krylack | zip_password_recovery | — | — |
| moonsoftware | password_agent | — | — |
| nefarius | scptoolkit | — | — |
CVSS provenance
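| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |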
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.