admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-22928.md

Browse Source
This commit is contained in:
之乎者也 2023-04-13 15:26:50 +08:00 committed by GitHub
parent e335c95500
commit d270898ec2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022-22928.md Normal file
View File

@ -0,0 +1,12 @@
## MCMS Shiro Deserialization Vulnerability (CVE-2022-22928)
| **Vulnerability** | **MCMS Shiro Deserialization Vulnerability (CVE-2022-22928)** |
| :----: | :-----|
| **Chinese name** | 铭飞 MCMS shiro 反序列化漏洞CVE-2022-22928 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body=\"铭飞Mcms\" \|\| title=\"铭飞Mcms\"](https://en.fofa.info/result?qbase64=Ym9keT0i6ZOt6aOeTWNtcyIgfHwgdGl0bGU9IumTremjnk1jbXMi) |
| **Number of assets affected** | 295 |
| **Description** | Mingfei Mcms is a complete open source J2EE system of Mingfei Technology Co., Ltd. Mingfei Mcms V5 2.2 and earlier versions contain a security vulnerability, which stems from the existence of hard coded Shiro key in the software, which allows attackers to exploit the key and execute arbitrary code. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2023/04/12/6e4ebece1945ba6f.gif)