Vulnerabilities > CVE-2022-33085 - Unspecified vulnerability in Ecisp Espcms-P8

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ecisp

NVD

Published: 2022-06-30

Updated: 2022-07-12

Summary

ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.

Vulnerable Configurations

Part	Description	Count
Application	Ecisp Ecisp Espcms P8 -	1

References

https://github.com/JeakinsCheung/ESPCMS-P8/blob/66fcc7f0fcc4d2325c0e31c9668f4c3362f0c06f/Arbitrary%20code%20execution%20vulnerability%20exists%20in%20ESPCMS%20management%20system.md