CVE-2022-4257

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md	Exploit Third Party Advisory
https://vuldb.com/?id.214631	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cdatatec:c-data_web_management_system:-:*:*:*:*:*:*:*

History

27 Jun 2023, 02:48

Type	Values Removed	Values Added
CWE	CWE-74 CWE-88 CWE-707	CWE-78

Information

Published : 2022-12-01 15:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-4257

Mitre link : CVE-2022-4257

CVE.ORG link : CVE-2022-4257

JSON object : View

Products Affected

cdatatec

c-data_web_management_system

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-707

Improper Neutralization

{"id": "CVE-2022-4257", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2022-12-01T15:15:10.383", "references": [{"url": "https://github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.214631", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-707"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en C-DATA Web Management System. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo cgi-bin/jumpto.php del componente GET Parameter Handler. La manipulaci\u00f3n del argumento nombre de host conduce a la inyecci\u00f3n de argumento. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-214631."}], "lastModified": "2023-11-07T03:57:20.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cdatatec:c-data_web_management_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8907D1C1-AB78-456F-AC56-9670ADF8106C"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}