CVE-2022-43030

{"id": "CVE-2022-43030", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-11-14T23:15:11.820", "references": [{"url": "https://github.com/cai-niao98/siyu", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/cai-niao98/siyu/blob/main/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges"}, {"lang": "es", "value": "Se descubri\u00f3 que Siyucms v6.1.7 conten\u00eda una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en segundo plano. SIYUCMS es un sistema de gesti\u00f3n de contenidos basado en ThinkPaP5 AdminLTE. SIYUCMS tiene una vulnerabilidad de ejecuci\u00f3n de comandos en segundo plano, que los atacantes pueden utilizar para obtener privilegios de servidor"}], "lastModified": "2022-11-17T21:07:16.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siyucms:siyucms:6.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9ED44E4-3B8E-4861-BBD0-05554DD49E0B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}