Vulnerabilities > CVE-2022-44000 - Improper Control of Dynamically-Managed Code Resources vulnerability in Backclick 5.9.63

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

backclick

CWE-913

critical

NVD

Published: 2022-11-16

Updated: 2022-11-21

Summary

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server.

Vulnerable Configurations

Part	Description	Count
Application	Backclick Backclick Backclick 5.9.63	1

Common Weakness Enumeration (CWE)

CWE-913 - Improper Control of Dynamically-Managed Code Resources

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-032.txt
https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037