Exploit
CVE-2022-47926

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

Published: Dec 22, 2022 / Updated: 23mo ago

010
CVSS 9.8EPSS 0.11%Critical
CVE info copied to clipboard

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-47926. See article

Dec 22, 2022 at 6:04 PM / infosec.exchange
EPSS

EPSS Score was set to: 0.11% (Percentile: 42.6%)

Sep 24, 2023 at 2:48 AM
Static CVE Timeline Graph

Affected Systems

Ayacms_project/ayacms
+null more

Exploits

https://github.com/loadream/AyaCMS/issues/7
+null more

Attack Patterns

CAPEC-137: Parameter Injection
+null more

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI