Lucene search

MitreCVE-2022-48252

HistoryJan 11, 2023 - 2:15 a.m.

CVE-2022-48252

2023-01-1102:15:11

CWE-78

mitre

web.nvd.nist.gov

cve-2022-48252

pi.alert

remote code execution

os command injection

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.

Affected configurations

Nvd

Node

pi.alert_projectpi.alertMatch1.0

VendorProductVersionCPE
pi.alert_projectpi.alert1.0cpe:2.3:a:pi.alert_project:pi.alert:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pi.alert_project	pi.alert	1.0	cpe:2.3:a:pi.alert_project:pi.alert:1.0:::::::*

References

github.com/jokob-sk/Pi.Alert/security/advisories/GHSA-vhg3-f6gv-j89r

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

Related for CVE-2022-48252