CVE-2022-43030

Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/cai-niao98/siyu	Exploit Third Party Advisory
https://github.com/cai-niao98/siyu/blob/main/README.md	Exploit Third Party Advisory
https://github.com/cai-niao98/siyu	Exploit Third Party Advisory
https://github.com/cai-niao98/siyu/blob/main/README.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siyucms:siyucms:6.1.7:*:*:*:*:*:*:*

History

21 Nov 2024, 07:25

Type	Values Removed	Values Added
References	~~() https://github.com/cai-niao98/siyu - Exploit, Third Party Advisory~~	() https://github.com/cai-niao98/siyu - Exploit, Third Party Advisory
References	~~() https://github.com/cai-niao98/siyu/blob/main/README.md - Exploit, Third Party Advisory~~	() https://github.com/cai-niao98/siyu/blob/main/README.md - Exploit, Third Party Advisory

Information

Published : 2022-11-14 23:15

Updated : 2024-11-21 07:25

NVD link : CVE-2022-43030

Mitre link : CVE-2022-43030

CVE.ORG link : CVE-2022-43030

JSON object : View

Products Affected

siyucms

siyucms

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2022-43030", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-11-14T23:15:11.820", "references": [{"url": "https://github.com/cai-niao98/siyu", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/cai-niao98/siyu/blob/main/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/cai-niao98/siyu", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/cai-niao98/siyu/blob/main/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges"}, {"lang": "es", "value": "Se descubri\u00f3 que Siyucms v6.1.7 conten\u00eda una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en segundo plano. SIYUCMS es un sistema de gesti\u00f3n de contenidos basado en ThinkPaP5 AdminLTE. SIYUCMS tiene una vulnerabilidad de ejecuci\u00f3n de comandos en segundo plano, que los atacantes pueden utilizar para obtener privilegios de servidor"}], "lastModified": "2024-11-21T07:25:49.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siyucms:siyucms:6.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9ED44E4-3B8E-4861-BBD0-05554DD49E0B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}