CVE-2022-4136

EUVD-2022-51499
Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@huntrdevCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
leadshopleadshop
1.4.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/qmpaas/leadshop/commit/f27e9ca5c93eaadda1097396b65c234b16186d67
https://huntr.dev/bounties/fe418ae1-7c80-4d91-8a5a-923d60ba78c3
https://github.com/qmpaas/leadshop/commit/f27e9ca5c93eaadda1097396b65c234b16186d67
https://huntr.dev/bounties/fe418ae1-7c80-4d91-8a5a-923d60ba78c3