PT-2022-25826 · Unknown · Qmpass/Leadshop

Published: 2022-11-24 · Updated: 2022-11-30 · CVE-2022-4136

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions

qmpass/leadshop version 1.4.15

Description

The issue allows an attacker to control the target host by calling any function in leadshop.php via the GET method, potentially leading to remote code execution (RCE). This can enable an attacker to access, download, create, or delete files on the server, making it possible to download a PHP Trojan or disrupt normal services. More than ten IPs are reportedly using this service.

Recommendations

For qmpass/leadshop version 1.4.15, consider restricting access to the leadshop.php file to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the ability to call functions via the GET method in leadshop.php can help mitigate the issue.
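To check whether the restriction recommended above is holding, the following added example (not part of the advisory or of the Leadshop project) scans web access logs for GET requests that reach leadshop.php with a query string from clients outside a trusted network. It assumes Combined Log Format and that the function call travels in the query string; the trusted range, the sample log lines and the parameter name `x` are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: networks that are allowed to reach leadshop.php (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Combined Log Format: client, identity, user, [time], "request line", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_trusted(ip):
    """True if ip parses and falls inside one of TRUSTED_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable client field is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def suspicious_requests(lines):
    """Return (ip, target, status) for untrusted GETs to leadshop.php that carry a query."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/leadshop.php") or not url.query:
            continue
        if not is_trusted(m["ip"]):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits

def hits_per_client(lines):
    """Count flagged requests per client address."""
    return Counter(ip for ip, _, _ in suspicious_requests(lines))

# Constructed sample log lines (documentation address ranges, placeholder parameter).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Nov/2022:10:00:01 +0000] "GET /leadshop.php?x=1 HTTP/1.1" 200 512 "-" "curl/7.85"',
    '203.0.113.7 - - [24/Nov/2022:10:00:05 +0000] "GET /leadshop.php?x=2 HTTP/1.1" 200 128 "-" "curl/7.85"',
    '10.1.2.3 - - [24/Nov/2022:10:01:00 +0000] "GET /leadshop.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [24/Nov/2022:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [24/Nov/2022:10:03:00 +0000] "POST /leadshop.php HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]
```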

Related Identifiers

CVE-2022-4136

Affected Products

Qmpass/Leadshop