CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-4136

Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.7%

CVSS Severity

CVSS v3 Score 8.6

References

https://github.com/qmpaas/leadshop/commit/f27e9ca5c93eaadda1097396b65c234b16186d67
https://huntr.dev/bounties/fe418ae1-7c80-4d91-8a5a-923d60ba78c3
https://github.com/qmpaas/leadshop/commit/f27e9ca5c93eaadda1097396b65c234b16186d67
https://huntr.dev/bounties/fe418ae1-7c80-4d91-8a5a-923d60ba78c3

Products affected by CVE-2022-4136

Leadshop » Leadshop » Version: 1.4.15

cpe:2.3:a:leadshop:leadshop:1.4.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4136

Products

Pricing

Contact Us