SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
References
| Link | Resource |
|---|---|
| http://siteserver.com | Not Applicable |
| https://github.com/Richard-Tang/SSCMS-PluginShell/blob/main/Detail.md | Exploit Third Party Advisory |
| https://github.com/siteserver/cms | Product Third Party Advisory |
| https://github.com/siteserver/cms/issues/3386 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
11 May 2022, 00:19
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| CWE | NVD-CWE-noinfo | |
| References | (MISC) http://siteserver.com - Not Applicable | |
| References | (MISC) https://github.com/siteserver/cms/issues/3386 - Exploit, Issue Tracking, Third Party Advisory | |
| References | (MISC) https://github.com/Richard-Tang/SSCMS-PluginShell/blob/main/Detail.md - Exploit, Third Party Advisory | |
| References | (MISC) https://github.com/siteserver/cms - Product, Third Party Advisory | |
| CPE | cpe:2.3:a:sscms:siteserver_cms:*:*:*:*:*:*:*:* |
03 May 2022, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-05-03 01:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-28118
Mitre link : CVE-2022-28118
CVE.ORG link : CVE-2022-28118
JSON object : View
Products Affected
sscms
- siteserver_cms
CWE