// For flags

CVE-2022-4257

C-DATA Web Management System GET Parameter jumpto.php argument injection

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.

Se encontró una vulnerabilidad en C-DATA Web Management System. Ha sido calificada como crítica. Este problema afecta un procesamiento desconocido del archivo cgi-bin/jumpto.php del componente GET Parameter Handler. La manipulación del argumento nombre de host conduce a la inyección de argumento. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-214631.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-12-01 CVE Reserved
  • 2022-12-01 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-08-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE-707: Improper Neutralization
CAPEC
References (2)
URL Tag Source
https://vuldb.com/?id.214631 Third Party Advisory
URL Date SRC
https://github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md 2024-08-03
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cdatatec
Search vendor "Cdatatec"
 C-data Web Management System
Search vendor "Cdatatec" for product "C-data Web Management System"
--
Affected