Vulnerability Details CVE-2022-25581
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2022-25581
-
cpe:2.3:a:classcms:classcms:1.0
-
cpe:2.3:a:classcms:classcms:1.5
-
cpe:2.3:a:classcms:classcms:2.0
-
cpe:2.3:a:classcms:classcms:2.5