Remote Code Execution Vulnerability in OpenCATS by HansMach1ne
CVE-2022-43019

9.8CRITICAL

Key Information:

Vendor: Opencats
Status: Opencats
Vendor: CVE Published:; 19 October 2022

What is CVE-2022-43019?

An identified security flaw in OpenCATS v0.9.6 allows for remote code execution (RCE) through the misuse of the getDataGridPager's ajax functionality. This vulnerability can be exploited by an attacker to execute arbitrary code on the server, potentially compromising system security and user data. Effective mitigation strategies should be implemented to address this critical issue.

References

https://github.com/hansmach1ne/opencats_zero-days/blob/ma...

https://github.com/hansmach1ne/CVE-portfolio/tree/main/CV...

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Oct 17, 2022

CVE-2022-43019 Data

JSON

Opencats

What is CVE-2022-43019?

References

EPSS Score

CVSS V3.1

Timeline