CVE-2022-4302
Published: 2023-01-02
Priority: P349 · high · 7.2 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 17.69% (96.8th percentile)
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Affected: 1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| videousermanuals | white_label_cms | < 2.5 | 2.5 |
No detection rules found.
Nuclei
CVE-2022-29081 [CRITICAL] Zoho ManageEngine - Access Control Bypass
nuclei · CVSS 9.8
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
Template:
```yaml
id: CVE-2022-29081

info:
  name: Zoho ManageEngine - Access Control Bypass
  author: 0xanis
  severity: critical
  description: |
    Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
  impact: |
```
No writeups or analysis indexed.