Lucene search

[email protected]CVE-2022-25411

HistoryFeb 28, 2022 - 11:15 p.m.

CVE-2022-25411

2022-02-2823:15:12

CWE-434

[email protected]

web.nvd.nist.gov

cve-2022-25411

remote code execution

rce

maxsite cms

nvd

security vulnerability

php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.

Affected configurations

NVD

Node

max-3000maxsite_cmsMatch108

CPENameOperatorVersion
max-3000:maxsite_cmsmax-3000 maxsite cmseq108

CPE	Name	Operator	Version
max-3000:maxsite_cms	max-3000 maxsite cms	eq	108

References

github.com/maxsite/cms/issues/487

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2022-25411

nvd1 cvelist1 prion1 osv1