PT-2023-15649 · Jokob Sk · Pi.Alert

CVE-2022-48252

·

Published

2023-01-11

·

Updated

2025-07-23

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions jokob-sk/Pi.Alert versions prior to 22.12.20
Description The issue allows Remote Code Execution via nmap scan.php (scan parameter) OS Command Injection.
Recommendations For versions prior to 22.12.20, consider disabling access to the nmap scan.php endpoint until a patch is available. Restrict the use of the scan parameter in the nmap scan.php endpoint to minimize the risk of exploitation.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2022-48252
GHSA-VHG3-F6GV-J89R

Affected Products

Pi.Alert