PT-2023-15649 · Jokob Sk · Pi.Alert

Published: 2023-01-11 · Updated: 2025-07-23 · CVE-2022-48252

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: jokob-sk/Pi.Alert versions prior to 22.12.20

Description: The issue allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.

Recommendations: For versions prior to 22.12.20, consider disabling access to the nmap_scan.php endpoint until a patch is available. Restrict the use of the scan parameter in the nmap_scan.php endpoint to minimize the risk of exploitation.

Exploit · Fix · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-48252
GHSA-VHG3-F6GV-J89R

Affected Products

Pi.Alert