PT-2022-27062 · Unknown · Backclick Professional
Moritz Bechler · Published 2022-11-16 · Updated 2022-11-21 · CVE-2022-44000
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BACKCLICK Professional version 5.9.63
Description
BACKCLICK Professional version 5.9.63 exposes an internal communications interface, making it possible to execute arbitrary system commands on the server.
Recommendations
For BACKCLICK Professional version 5.9.63, consider restricting access to the internal communications interface as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Related Identifiers
Affected Products
Backclick Professional