Vulnerability Details CVE-2022-28888
Spryker Commerce OS 1.4.2 allows Remote Command Execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 87.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/167765/Spryker-Commerce-OS-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/172257/Spryker-Commerce-OS-1.0-SQL-Injection.html
- http://seclists.org/fulldisclosure/2022/Jul/4
- http://seclists.org/fulldisclosure/2023/May/2
- https://schutzwerk.com
- https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/
- http://packetstormsecurity.com/files/167765/Spryker-Commerce-OS-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/172257/Spryker-Commerce-OS-1.0-SQL-Injection.html
- http://seclists.org/fulldisclosure/2022/Jul/4
- http://seclists.org/fulldisclosure/2023/May/2
- https://schutzwerk.com
- https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/
Products affected by CVE-2022-28888
-
cpe:2.3:o:spryker:cloud_commerce:*