CVE-2022-30037 — HIGH (7.2)

Q: What is CVE-2022-30037?

CVE-2022-30037 is a vulnerability with a CVSS score of 7.2 (HIGH). XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.

Q: How severe is CVE-2022-30037?

CVE-2022-30037 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-30037?

Check the references section above for vendor advisories and patch information. Affected products include: Xunruicms Xunruicms.

Vulnerability Description

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xunruicms	Xunruicms	>= 4.3.3, <= 4.5.1

Related Weaknesses (CWE)

CWE-829

References

https://weltolk.github.io/p/xunruicms-v4.3.3-to-v4.5.1-backstage-code-injection-ExploitTechnical DescriptionThird Party Advisory
https://weltolk.github.io/p/xunruicms-v4.3.3-to-v4.5.1-backstage-code-injection-ExploitTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2022-30037?

CVE-2022-30037 is a vulnerability with a CVSS score of 7.2 (HIGH). XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.

How severe is CVE-2022-30037?

CVE-2022-30037 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30037?

Check the references section above for vendor advisories and patch information. Affected products include: Xunruicms Xunruicms.