8.8
CVE-2022-47083
- EPSS 0.94%
- Published 10.01.2023 17:15:11
- Last modified 21.11.2024 07:31:28
- Source cve@mitre.org
A PHP Object Injection vulnerability in the unserialize() function of Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code by sending crafted requests to the web application.
Data provided by the National Vulnerability Database (NVD)
Spitfire Project ≫ Spitfire Version 1.0475

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.94% | 0.758 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.