CVE-2022-4136

Critical

Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any…

@huntrdev·CWE-749·Published 2022-11-24

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

179 chars

Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.

NVDen

179 chars

Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.

Un método peligroso expuesto que puede conducir a RCE en qmpass/leadshop v1.4.15 permite a un atacante controlar el host objetivo llamando a cualquier función en leadshop.php a través del método GET.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	8.6	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
3.0	Primary	cve.org	8.6	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
3.0	Secondary	NVD	8.6	3.9	4.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H